Friday, November 19, 2010

Network Attacks

Several attacks can be launched against a network. A few of them are the MAC address flooding attack, VLAN hopping and switch spoofing.

A MAC address flooding attack sends numerous frames to the switch, each with a different source MAC address. This loads the switch's processing capacity, since it has to maintain those MAC addresses in its switching table. It also creates a denial of service (DoS): when the memory for the MAC address table runs out, legitimate hosts are not able to access the switch. Bandwidth is consumed unnecessarily as well, since MAC address flooding floods the network with broadcasts. Through this attack, the attacker can also intercept packets with a packet sniffer, since the attacking client receives the broadcasts from legitimate hosts. To prevent this, illegitimate hosts should be kept out of the network and blocked when they try to access it. Port-based authentication and port security can be used to enforce this.

VLAN hopping spoofs the switch by using double VLAN tags. For this to work, the attacker's host must be able to access a port, that port must be placed in the native VLAN, and the switch must use dot1q. The attacker uses 2 different VLANs, one of which is the native VLAN. When the switch sees a frame from the native VLAN, it removes the VLAN tag and sends the frame into the network untagged (dot1q protocol). What the switch does not know is that the frame has a second VLAN tag. At this point, the attacker's frame is free to reach other hosts for phishing, trojans, viruses etc., using the second VLAN tag to attack users in the same VLAN as the attacker's second VLAN. To prevent this, simply create a native VLAN that has no hosts attached to it. In this way, every frame from a host is inspected.

Switch spoofing exploits the behavior of switches that run a port in dynamic desirable mode. In this mode, a switch aggressively tries to form a trunk with its peer, without knowing who or what its peer is. The attacker can spoof the switch by acting as a switch and accepting the trunk. From this moment on, the attacker can listen to the traffic running through their device and can find out user names, passwords, credit card numbers etc. To prevent this, dynamic desirable mode or auto mode should be set only on ports that are known to have trusted switches as their peers. All other ports should be set to access mode.
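
The three preventions above can be checked mechanically against a switch configuration. The following audit script is an added example, not part of the original post: it assumes Cisco IOS-style interface syntax, the sample configuration is constructed, and the function names and the trusted_uplinks parameter are hypothetical. Of the two MAC flooding preventions, it checks port security only.

```python
# Constructed sample in Cisco IOS-style syntax; not taken from the post.
SAMPLE_CONFIG = """\
interface Gi0/1
 switchport mode dynamic desirable
interface Gi0/2
 switchport mode access
interface Gi0/3
 switchport mode access
 switchport access vlan 10
 switchport port-security
interface Gi0/24
 switchport mode dynamic desirable
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented config lines."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return ports

def setting(lines, prefix, default):
    """Value following `prefix` in an interface's lines, or `default`."""
    return next((l[len(prefix):].strip() for l in lines if l.startswith(prefix)), default)

def audit(config, trusted_uplinks):
    """Return (port, finding) pairs for the three preventions in the text."""
    ports = parse_interfaces(config)
    # Native VLANs used on the trusted trunks (VLAN 1 unless configured).
    natives = {setting(ports[p], "switchport trunk native vlan ", "1")
               for p in trusted_uplinks if p in ports} or {"1"}
    findings = []
    for name, lines in ports.items():
        if name in trusted_uplinks:
            continue  # trunk negotiation is acceptable toward known switches
        mode = setting(lines, "switchport mode ", "unset")
        if mode != "access":  # switch spoofing: untrusted port may trunk
            findings.append((name, f"mode '{mode}' on untrusted port; set access mode"))
        if "switchport port-security" not in lines:  # MAC flooding
            findings.append((name, "port security not enabled"))
        vlan = setting(lines, "switchport access vlan ", "1")
        if vlan in natives:  # VLAN hopping: host sits in the native VLAN
            findings.append((name, f"host port in native VLAN {vlan}"))
    return findings
```

Calling audit(SAMPLE_CONFIG, trusted_uplinks={"Gi0/24"}) reports Gi0/1 and Gi0/2 and leaves Gi0/3 clean; moving the trunk's native VLAN to one with no hosts clears the native VLAN findings.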
