An Introduction to Layer 2 Attacks & Mitigation
Rishabh Dangwal
www.TheProhack.com | Twitter @prohack
Agenda
• Layer 2 Security - The What, Why and What Now?
• Switching Basics
• Quick Knowledge Check
• The Attacks & their mitigation:
  • ARP based
  • Cisco specific
  • STP & VLAN attacks
• Switch Configuration Review - What to look for
• Question & Answer session.
Layer 2 Security
The What, Why and What Now?
• OSI is a layered model: if one layer gets hacked, all layers are compromised.
• Layer 2 attacks are still very much relevant today.
• Poorly configured network environments.
• Information gap between network and security personnel (refer to the next slide).
• Different architectures, same protocols; hence the same weaknesses.
• Security is only as strong as your weakest link.
Switching Basics
• What is a switch exactly?
• How does it function?
• VLAN basics.
• Tagged and untagged ports (also called trunk and edge/access ports, respectively).
• Spanning Tree basics.
• Layer 3 switching?
• More Layer 2 switching: vendor-specific technologies.
Quick Knowledge Check
Questions to ask your Network & Security Admins
1. How do they handle network security issues?
2. Is their network segmented by VLANs?
3. Are their VLANs secure by design?
4. What is the process for IP segment allocation?
5. Is there a formal change process in place?
Flooding & Spoofing Attacks
Attacks which utilize either flooding or resource starvation:
• ARP Poisoning
• DHCP Starvation
• CAM Table Overflow
ARP Attacks
• ARP poisoning can be easily carried out.
• Stateless protocol.
• NO inbuilt authentication.
• Limited to local network segments.
• Can be escalated/exploited into MITM, SSH interception, DoS and session hijacking attacks.
• Tools of the trade: Ettercap, Cain & Abel, Dsniff
DHCP Starvation
• DHCP scope exhaustion by installing a rogue DHCP server.
• Spoofed-MAC requests broadcast/flood the network.
• Resource starvation occurs, which may make a rogue server more effective.
• Tools of the trade: Yersinia
CAM Table Overflow
• Content Addressable Memory (CAM) is used in highly efficient search-based environments.
• Cisco switches use CAM to build MAC-to-interface mapping tables.
• Flooding the network with MAC addresses can fill the CAM table and thereby make the switch act like a hub.
• Tools of the trade: Dsniff, Ettercap, Cain & Abel and more.
Flooding & Spoofing Attacks - Mitigation
• Ensure Port Security is enabled (static ARP entries).
• Enable Port Security.
• Enable DHCP Snooping.
• Question the network admin on the requirement for PARP / GARP (proxy ARP / gratuitous ARP) if present in the configuration.
• Enable Dynamic ARP Inspection.
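To make the three mitigations on this slide concrete, here is an added example (not code from the deck) in Python that models a switch enforcing port security, DHCP snooping and Dynamic ARP Inspection over a constructed sequence of events: a rogue DHCP offer on an access port, an ARP reply claiming another host's IP, and a MAC flood that exceeds the per-port limit. Port names, MAC addresses and IPs are made up, and the model is a simplification of the real features (no aging, no rate limiting, no recovery timers).

```python
"""Toy model of the three switch-side mitigations on the slide above:
port security (caps the MACs learned per port, which is what defeats CAM
table flooding), DHCP snooping (only DHCP offers seen on a trusted uplink
populate the IP-to-MAC binding table, so a rogue server on an access port is
ignored) and Dynamic ARP Inspection (ARP replies on untrusted ports must match
that table). Constructed example, not code from the deck; port names, MACs and
addresses are made up."""

from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    trusted: bool = False                   # DHCP-snooping trust: uplink to the real server
    max_macs: int = 2                       # port-security maximum
    learned: set = field(default_factory=set)
    err_disabled: bool = False


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.bindings = {}                  # snooping table: ip -> mac
        self.log = []

    def learn(self, port_name, src_mac):
        """Port security: learn a source MAC, err-disable the port on violation."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "dropped"
        if src_mac in port.learned:
            return "forwarded"
        if len(port.learned) >= port.max_macs:
            port.err_disabled = True
            self.log.append(f"{port.name}: port-security violation by {src_mac}, err-disabled")
            return "violation"
        port.learned.add(src_mac)
        return "forwarded"

    def dhcp_offer(self, port_name, client_mac, offered_ip):
        """DHCP snooping: offers from untrusted ports never reach the binding table."""
        port = self.ports[port_name]
        if not port.trusted:
            self.log.append(f"{port.name}: DHCP offer on untrusted port dropped (rogue server?)")
            return False
        self.bindings[offered_ip] = client_mac
        return True

    def arp_reply(self, port_name, sender_ip, sender_mac):
        """Dynamic ARP Inspection: sender IP/MAC must match the snooping table."""
        port = self.ports[port_name]
        if port.trusted:
            return "forwarded"              # DAI does not inspect trusted ports
        bound = self.bindings.get(sender_ip)
        if bound != sender_mac:
            self.log.append(f"{port.name}: ARP {sender_ip} is-at {sender_mac} "
                            f"contradicts binding {bound}, dropped")
            return "dropped"
        return "forwarded"


def run_demo():
    """Replay a constructed sequence of events and return the verdicts."""
    sw = Switch([Port("Gi1/0/1"), Port("Gi1/0/2"),
                 Port("Gi1/0/24", trusted=True, max_macs=1000)])   # uplink
    r = {}
    # Real DHCP server (behind the trusted uplink) hands 10.0.0.10 to host A.
    sw.dhcp_offer("Gi1/0/24", "aa:aa:aa:aa:aa:01", "10.0.0.10")
    # A rogue DHCP server on an access port tries to hand out the same lease.
    r["rogue_dhcp"] = sw.dhcp_offer("Gi1/0/2", "aa:aa:aa:aa:aa:02", "10.0.0.10")
    # Host A answers ARP for its own IP; host B claims A's IP (poisoning attempt).
    r["arp_ok"] = sw.arp_reply("Gi1/0/1", "10.0.0.10", "aa:aa:aa:aa:aa:01")
    r["arp_spoof"] = sw.arp_reply("Gi1/0/2", "10.0.0.10", "aa:aa:aa:aa:aa:02")
    # CAM flooding attempt: a third distinct MAC on Gi1/0/2 trips port security.
    sw.learn("Gi1/0/2", "aa:aa:aa:aa:aa:02")
    sw.learn("Gi1/0/2", "de:ad:be:ef:00:01")
    r["flood"] = sw.learn("Gi1/0/2", "de:ad:be:ef:00:02")
    r["after_violation"] = sw.learn("Gi1/0/2", "aa:aa:aa:aa:aa:02")
    return sw, r


if __name__ == "__main__":
    switch, results = run_demo()
    print(results)
    print("\n".join(switch.log))
```

Running it prints the verdicts and the switch log. The point to take from the model is that DAI is only as good as the binding table DHCP snooping builds, which is why the two are enabled together and why the only trusted port is the uplink towards the real DHCP server.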
Cisco Specific Attacks
• CDP attacks - applicable to Cisco IOS based devices.
• VTP attacks - applicable to Cisco switches.
• DTP attacks - applicable to Cisco IOS based devices.
• HSRP abuse - applicable to Cisco IOS based devices.
Cisco - CDP Attacks
• Cisco Discovery Protocol (CDP) allows Cisco devices to communicate with each other.
• CDP is unencrypted, unauthenticated and carries a ton of information.
• CDP can be exploited for:
  • CDP DoS (even WLCs are vulnerable)
  • Overflow / pollution / corruption of the CDP cache
  • Running up power bills (PoE abuse)
• Tools to use: Yersinia
CDP Attacks - Mitigation
• Turn CDP off.
• Check with the network team for any specific requirement for CDP (VoIP phones / troubleshooting).
• All unused ports shall be shut by default.
• BONUS: different vendors have similar protocols:
  • Juniper / Huawei LLDP (LLDP Attack Framework)
  • Brocade FDP
  • Maipu MDSP
Cisco - VTP Attack
• Virtual Trunking Protocol (VTP) is used by Cisco to propagate VLAN information.
• VTP uses a versioning system with a client-server architecture.
• Clients sync their configuration with the server to maintain the current VLAN database revision.
• The attack involves DoS by sending VTP messages into the network.
• Tools of the trade: Yersinia
VTP Attack - Mitigation
• Check with the admin whether VTP is required; if not, recommend configuring the switches in transparent mode.
• If yes, check whether the following parameters are configured correctly:
  • A VTP password should be present and MD5 encrypted (service password-encryption).
  • Non-participating switches should be configured in transparent mode.
  • VTP pruning should be enabled.
• All unused ports shall be shut by default.
DTP Attack
• Dynamic Trunking Protocol (DTP) negotiates port state between two devices.
• By default an interface is negotiated to become a trunk (tagged) port, hence the name.
• Raw DTP packets sent on an access interface can turn it into a trunk.
• The trunk interface can then be used to escalate/exploit STP/VTP/VLAN based attacks.
• Tools of the trade: Yersinia
DTP Attack - Mitigation
• Turn off DTP by disabling auto-negotiation.
• Refer to the configuration below for an access (untagged) port: settings are hardcoded, nothing is auto.
• All unused ports shall be shut by default.
HSRP Abuse
• Hot Standby Router Protocol (HSRP) is used to achieve HA between Cisco devices.
• Functions in Active/Passive mode, UDP port 1985.
• Uses multicast; by default the password is configured in plain text.
• An attacker can send raw HSRP packets.
• Compromise and become the Active device with a real or spoofed IP.
• Tool to use: Yersinia
HSRP Abuse - Mitigation
• Use MD5 authentication.
• Hardcode everything.
Spanning Tree Attacks
• Invented by Dr Radia Perlman, Spanning Tree Protocol (STP) is used to provide a loop-free topology for a LAN or bridged network.
• An attacker can disrupt the STP topology by:
  • Masquerading as a rogue switch.
  • Introducing a real switch into the network.
  • Spoofing the root switch.
  • Sending malicious BPDUs.
  • Claiming roles in the topology.
• Tools of the trade: Yersinia
Spanning Tree Attacks - Mitigation
• Enable Root Guard on Cisco switches, Root Protection on Juniper switches.
• Enable BPDU Guard on Cisco switches, BPDU Protection on Juniper switches.
• All unused ports shall be shut by default.
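As an added example (not code from the deck), the following Python model shows what the two guards on this slide do when a BPDU arrives that claims a better root bridge ID than the real root, and contrasts that with an unprotected port on which the same BPDU simply re-roots the topology. Bridge IDs compare the way STP does (lower priority wins, lower MAC breaks ties); port names and bridge IDs are constructed, and the model ignores timers, path cost and recovery.

```python
"""Toy model of the two STP protections on the slide above. BPDU Guard: any
BPDU arriving on a guarded edge port err-disables the port. Root Guard: a
BPDU advertising a better (lower) bridge ID than the current root puts the
port into root-inconsistent state instead of letting the sender take over as
root. Constructed example, not code from the deck; bridge IDs and port names
are made up."""

from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class BridgeId:
    priority: int       # lower value wins the root election
    mac: str            # tie-break: lower MAC wins


@dataclass
class StpPort:
    name: str
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"   # forwarding | err-disabled | root-inconsistent


class StpSwitch:
    def __init__(self, own_id, root_id, ports):
        self.own_id = own_id
        self.root_id = root_id
        self.ports = {p.name: p for p in ports}
        self.log = []

    def receive_bpdu(self, port_name, advertised_root):
        """Process a BPDU that claims `advertised_root` as root bridge on a port."""
        port = self.ports[port_name]
        if port.state != "forwarding":
            return port.state                       # already blocked by a guard
        if port.bpdu_guard:
            port.state = "err-disabled"
            self.log.append(f"{port.name}: BPDU on edge port, err-disabled")
            return port.state
        if advertised_root < self.root_id:          # superior BPDU
            if port.root_guard:
                port.state = "root-inconsistent"
                self.log.append(f"{port.name}: superior BPDU blocked by root guard")
                return port.state
            self.log.append(f"{port.name}: root changed to {advertised_root}")
            self.root_id = advertised_root          # unprotected: topology is re-rooted
            return "new-root"
        return "accepted"


def run_demo():
    """Feed the same rogue BPDU to guarded and unguarded ports; return verdicts."""
    real_root = BridgeId(4096, "00:00:0c:00:00:01")
    rogue = BridgeId(0, "de:ad:be:ef:00:00")        # priority 0 beats any real root
    sw = StpSwitch(BridgeId(32768, "00:00:0c:aa:bb:cc"), real_root, [
        StpPort("Gi1/0/1"),                          # uplink towards the real root
        StpPort("Gi1/0/5", bpdu_guard=True),         # edge port: hosts only
        StpPort("Gi1/0/6"),                          # unprotected edge port
        StpPort("Gi1/0/7", root_guard=True),         # must never learn the root from here
    ])
    r = {}
    r["uplink"] = sw.receive_bpdu("Gi1/0/1", real_root)
    r["bpdu_guarded"] = sw.receive_bpdu("Gi1/0/5", rogue)
    r["root_guarded"] = sw.receive_bpdu("Gi1/0/7", rogue)
    r["root_after_guards"] = sw.root_id
    r["unprotected"] = sw.receive_bpdu("Gi1/0/6", rogue)
    r["root_after_unprotected"] = sw.root_id
    return sw, r


if __name__ == "__main__":
    switch, results = run_demo()
    for key, value in results.items():
        print(f"{key:24} {value}")
    print("\n".join(switch.log))
```

The run shows the practical difference between the two guards: BPDU Guard is for edge ports where no BPDU is ever legitimate, while Root Guard is for ports that may carry BPDUs but must never become the path to the root. Both are per-port settings, which is why the unprotected port Gi1/0/6 still lets the rogue take over.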
Multicast Brute Force
• The switch receives a number of multicast frames in rapid succession.
• Frames leak into other VLANs instead of being contained in the original VLAN.
• May lead to DoS.
• Rare nowadays.
Multicast Brute Force Attack - Mitigation
• Buy switches with better queue/buffer and memory support.
• Upgrade your supervisors (4500X and above, Cisco only).
VLAN Based Attacks
• VLAN Hopping - 802.1Q abuse.
• PVLAN - bypassing Layer 2 segregation logic.
VLAN Hopping
• VLAN hopping refers to emulating a network switch and sending tagged frames (802.1Q/ISL).
• An attacker can also send double-tagged frames on a trunk / access interface.
• The first (outer) tag is stripped by the switch, which forwards the frame to the outgoing interface.
• Since the frame still carries one more tag, it is forwarded as-is into the next, unintended VLAN.
• Tools of the trade: Scapy, Ostinato
VLAN Hopping Attack - Mitigation
• Disable DTP.
• Hardcode everything.
• Unused ports shall be configured as access (untagged) ports.
• Native VLAN segregation.
• Management VLAN segregation.
• Don't use VLAN 1 for *anything*.
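Added example, not code from the deck: a small Python parser that walks the 802.1Q tag stack of a raw Ethernet frame and classifies the frame the way a defender reviewing VLAN hopping exposure would. It shows why "Native VLAN segregation" and "Don't use VLAN 1" are on the mitigation list: the same double-tagged frame is harmless on a trunk whose native VLAN is an unused one, and a leak on a trunk whose native VLAN is 1. MAC addresses and VLAN numbers are made up, and the frame-building helper exists only to construct sample input for the parser.

```python
"""Parses the 802.1Q tag stack of a raw Ethernet frame and classifies it the
way a defender reviewing VLAN hopping exposure would: tagged frames on an
access port, double-tagged frames, and the specific case the slide describes
(outer tag equals the trunk's native VLAN, so the switch strips it and
forwards the inner-tagged frame into another VLAN). Constructed example, not
code from the deck; MACs and VLAN numbers are made up."""

import struct

TPID_8021Q = 0x8100       # customer VLAN tag
TPID_8021AD = 0x88A8      # service (QinQ) tag, walked the same way


def parse_tags(frame: bytes):
    """Return (dst, src, [vlan ids outer->inner], inner EtherType)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6].hex(":"), frame[6:12].hex(":")
    offset, vlans = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated EtherType")
        ethertype = struct.unpack("!H", frame[offset:offset + 2])[0]
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return dst, src, vlans, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[offset + 2:offset + 4])[0]
        vlans.append(tci & 0x0FFF)                  # VLAN ID is the low 12 bits of the TCI
        offset += 4


def classify(frame: bytes, native_vlan: int, ingress_is_trunk: bool) -> str:
    """Verdict for a frame seen on a given port type with a given native VLAN."""
    _, _, vlans, _ = parse_tags(frame)
    if not ingress_is_trunk and vlans:
        return "tagged-on-access"       # hosts on access ports should send untagged frames
    if len(vlans) >= 2 and vlans[0] == native_vlan:
        return "double-tag-native"      # outer tag would be stripped, inner tag leaks
    if len(vlans) >= 2:
        return "double-tag"             # suspicious, but not forwarded across VLANs
    return "ok"


def build_frame(dst: str, src: str, vlans, ethertype=0x0800, payload=b"\x00" * 46) -> bytes:
    """Construct a sample frame with the given tag stack (test input only)."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vlans:
        out += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return out + struct.pack("!H", ethertype) + payload


if __name__ == "__main__":
    sample = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", [1, 20])
    print(parse_tags(sample))
    print("native VLAN 1 on trunk:  ", classify(sample, native_vlan=1, ingress_is_trunk=True))
    print("native VLAN 999 on trunk:", classify(sample, native_vlan=999, ingress_is_trunk=True))
```

The two `classify` calls in the main block are the whole argument for native VLAN segregation: with the native VLAN moved to an unused number, the outer tag no longer matches anything the switch would strip, so the inner tag never reaches another VLAN.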
PVLAN Attacks
• Community ports can communicate among themselves and with promiscuous ports.
• This logic can be bypassed using a proxy server or a Layer 3 device on a promiscuous port.
• The L3 device rewrites the destination MAC on the frame and then sends the frame back.
• The unidirectional attack can be leveraged into a bidirectional attack by compromising hosts.
• Tools of the trade: Scapy / Ostinato
PVLAN Attacks - Mitigation
• Configure an ACL on the Layer 3 device.
Bonus: SNMP Snarfing
• Simple Network Management Protocol (SNMP) is used to monitor and manage devices.
• Vendor agnostic; has 3 versions, of which version 1 and version 2 are most commonly used.
• Plain-text authentication.
• Community strings can be brute-forced, fuzzed and hacked.
• Wreak havoc using a read-write community.
• Tools of the trade: Ettercap, dsniff.
SNMP Snarfing - Mitigation
• Use SNMPv3 *only*; don't use it in backwards-compatible mode.
• Don't use community strings with write access.
• Be SNMP aware; don't let it become "Security is Not My Problem".
Switch Configuration Review
• What to look for in a sample switch configuration dump.
• Best practices.
• Looking at the big picture.
Conclusion
• Ensure switches are managed in a secure manner.
• Hardcode everything.
• Ensure there is a change management process for any network and security changes.
• Disable protocols which are not in use (CDP/VTP).
• All unused ports should be shut by default.
• Use Port Security.
• Use Root Guard / BPDU Guard.
• Be careful about SNMP community strings.
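The review that the "Switch Configuration Review" slide calls for can be partly automated. Below is an added example (not the deck's own checklist or a vendor tool) in Python that scans an IOS-style running-config dump for the items from the Conclusion and the earlier mitigation slides: CDP running, DHCP snooping, Dynamic ARP Inspection, VTP mode and password, DTP (`switchport nonegotiate`), VLAN 1 use on access ports and as trunk native VLAN, port security, BPDU guard, HSRP MD5 authentication and SNMP community strings. The sample configuration is constructed, and the command strings are matched literally against IOS syntax, so they need adapting for other platforms.

```python
"""Scans a Cisco IOS-style running-config dump for the hardening points the
deck lists (port security, DHCP snooping, DAI, CDP, VTP, DTP, HSRP auth,
BPDU guard, VLAN 1 use, SNMP community strings). Constructed example, not the
deck's own checklist or a vendor tool: the sample config is made up and the
IOS command strings are matched literally, so adapt them to your platform."""
import re

def split_config(config: str):
    """Return (global lines, {interface name: [sub-commands]})."""
    glob, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line.startswith(" ") and current:
            ifaces[current].append(line.strip())
        else:
            current = None
            glob.append(line.strip())
    return glob, ifaces

def audit(config: str):
    """Return a list of findings; an empty list means every check passed."""
    glob, ifaces = split_config(config)
    g, f = set(glob), []
    if "no cdp run" not in g:
        f.append("global: CDP is running; disable it unless VoIP/troubleshooting needs it")
    if "ip dhcp snooping" not in g:
        f.append("global: DHCP snooping not enabled")
    if not any(l.startswith("ip arp inspection vlan") for l in glob):
        f.append("global: Dynamic ARP Inspection not enabled")
    if not {"vtp mode transparent", "vtp mode off"} & g:
        if not any(l.startswith("vtp password") for l in glob):
            f.append("global: VTP active without a password")
    communities = [m for m in (re.match(r"snmp-server community (\S+) (RO|RW)", l, re.I)
                               for l in glob) if m]
    for m in communities:
        if m.group(2).upper() == "RW":
            f.append(f"global: SNMP community '{m.group(1)}' has write access")
        if m.group(1).lower() in ("public", "private"):
            f.append(f"global: default SNMP community string '{m.group(1)}'")
    if communities and not any(l.startswith("snmp-server group") and "v3" in l for l in glob):
        f.append("global: SNMPv1/v2c communities in use with no SNMPv3 group")
    for name, lines in ifaces.items():
        if "shutdown" in lines:
            continue                                  # unused port shut by default: fine
        hsrp = [l for l in lines if l.startswith("standby ")]
        if any(" ip " in l for l in hsrp) and not any("authentication md5" in l for l in hsrp):
            f.append(f"{name}: HSRP group without MD5 authentication")
        if not name.lower().startswith(("gi", "fa", "te")):
            continue                                  # SVI/loopback: no switchport checks
        mode = next((l.split()[-1] for l in lines if l.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            f.append(f"{name}: switchport mode is {mode or 'unset'}, DTP can negotiate a trunk")
            continue
        if "switchport nonegotiate" not in lines:
            f.append(f"{name}: DTP still enabled ('switchport nonegotiate' missing)")
        if mode == "access":
            vlan = next((l.split()[-1] for l in lines if l.startswith("switchport access vlan ")), "1")
            if vlan == "1":
                f.append(f"{name}: access port in VLAN 1")
            if "switchport port-security" not in lines:
                f.append(f"{name}: port security not enabled")
            if "spanning-tree bpduguard enable" not in lines:
                f.append(f"{name}: BPDU guard not enabled")
        else:
            native = next((l.split()[-1] for l in lines
                           if l.startswith("switchport trunk native vlan ")), "1")
            if native == "1":
                f.append(f"{name}: trunk native VLAN is 1 (double-tagging exposure)")
    return f

SAMPLE_CONFIG = """\
vtp mode transparent
ip dhcp snooping
ip arp inspection vlan 10,20
snmp-server community public RO
snmp-server community s3cret RW
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
interface Vlan10
 standby 1 ip 10.0.10.1
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script reports nine findings: the hardened port Gi1/0/1 and the trunk Gi1/0/24 pass, the bare access port Gi1/0/2 collects four findings (DTP, VLAN 1, no port security, no BPDU guard), the HSRP group on Vlan10 lacks MD5, and the global section still runs CDP and uses a default read-only plus a read-write SNMPv2c community. Feed it `show running-config` output from each switch and the list becomes the agenda for the conversation with the network team.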
Questions?
Reach me at admin@theprohack.com
Thank You!

More Related Content

What's hot

Telecom Security
Telecom SecurityTelecom Security
Telecom Security
Priyanka Aash
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
yousef emami
 
What is Firewall?
What is Firewall?What is Firewall?
What is Firewall?
NetProtocol Xpert
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Wlan sicherheit
Wlan sicherheitWlan sicherheit
Wlan sicherheit
Michael Semper
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
Prashant Gupta
 
Session hijacking
Session hijackingSession hijacking
Session hijacking
Gayatri Kapse
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
VIKAS SINGH BHADOURIA
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
Department of Computer Science
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
Anthony Daniel
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
NetProtocol Xpert
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
Patten John
 
What is firewall
What is firewallWhat is firewall
What is firewall
Harshana Jayarathna
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
PradeepKumar728006
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
Shyama Bhuvanendran
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
ssuser530a07
 
Firewall
FirewallFirewall
Firewall
Mudasser Afzal
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project Presentation
Andrew McGarry
 

What's hot (20)

Telecom Security
Telecom SecurityTelecom Security
Telecom Security
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
Wi Fi Security
Wi Fi SecurityWi Fi Security
Wi Fi Security
 
What is Firewall?
What is Firewall?What is Firewall?
What is Firewall?
 
Firewalls
FirewallsFirewalls
Firewalls
 
Wlan sicherheit
Wlan sicherheitWlan sicherheit
Wlan sicherheit
 
Malware Analysis
Malware AnalysisMalware Analysis
Malware Analysis
 
Session hijacking
Session hijackingSession hijacking
Session hijacking
 
Wireless Hacking
Wireless HackingWireless Hacking
Wireless Hacking
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
 
What is firewall
What is firewallWhat is firewall
What is firewall
 
Man in the middle attack .pptx
Man in the middle attack .pptxMan in the middle attack .pptx
Man in the middle attack .pptx
 
Packet sniffing
Packet sniffingPacket sniffing
Packet sniffing
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
Firewall
FirewallFirewall
Firewall
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project Presentation
 

Viewers also liked

STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
Netwax Lab
 
Lecture 5 - Agent communication
Lecture 5 - Agent communicationLecture 5 - Agent communication
Lecture 5 - Agent communication
Antonio Moreno
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
Manoj Gharate
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree Protocol
Arash Foroughi
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and router
Akmal Cikmat
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devices
Rajesh Sadhukha
 

Viewers also liked (6)

STP (spanning tree protocol)
STP (spanning tree protocol)STP (spanning tree protocol)
STP (spanning tree protocol)
 
Lecture 5 - Agent communication
Lecture 5 - Agent communicationLecture 5 - Agent communication
Lecture 5 - Agent communication
 
Spanning Tree Protocol
Spanning Tree ProtocolSpanning Tree Protocol
Spanning Tree Protocol
 
Overview of Spanning Tree Protocol
Overview of Spanning Tree ProtocolOverview of Spanning Tree Protocol
Overview of Spanning Tree Protocol
 
difference between hub, bridge, switch and router
difference between hub, bridge, switch and routerdifference between hub, bridge, switch and router
difference between hub, bridge, switch and router
 
Computer networking devices
Computer networking devicesComputer networking devices
Computer networking devices
 

Similar to Introduction to layer 2 attacks & mitigation

Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
samis
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 Switches
Navaneetha Sankar
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
Vishal Kumar
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
dkaya
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
vinaykumar947680
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Tran Thanh Song
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
dkaya
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
NetProtocol Xpert
 
Lec21 22
Lec21 22Lec21 22
ccna presentation 2013
ccna presentation 2013ccna presentation 2013
ccna presentation 2013
RoHit VashIsht
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2
Juli Yaret
 
CCNA 1
CCNA 1CCNA 1
CCNA 1
Asish Verma
 
CCNA 2
CCNA 2 CCNA 2
CCNA 2
Asish Verma
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Yury Chemerkin
 
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PROIDEA
 
Switching
SwitchingSwitching
Ccna 9
Ccna  9Ccna  9
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
Chaing Ravuth
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
Likan Patra
 

Similar to Introduction to layer 2 attacks & mitigation (20)

Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
 
Hacking L2 Switches
Hacking L2 SwitchesHacking L2 Switches
Hacking L2 Switches
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Network & security startup
Network & security startupNetwork & security startup
Network & security startup
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
L2 Attacks.pdf
L2 Attacks.pdfL2 Attacks.pdf
L2 Attacks.pdf
 
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua CiscoGiai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
Giai phap bao mat - so sanh switch bao mat cua HDN va switch cua Cisco
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
Lec21 22
Lec21 22Lec21 22
Lec21 22
 
ccna presentation 2013
ccna presentation 2013ccna presentation 2013
ccna presentation 2013
 
Examen final ccna2
Examen final ccna2Examen final ccna2
Examen final ccna2
 
CCNA 1
CCNA 1CCNA 1
CCNA 1
 
CCNA 2
CCNA 2 CCNA 2
CCNA 2
 
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
Gaweł mikołajczyk. holistic identity based networking approach – an irreducib...
 
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
PLNOG 17 - Krzysztof Wilczyński - EVPN – zwycięzca w wyścigu standardów budow...
 
Switching
SwitchingSwitching
Switching
 
Ccna 9
Ccna  9Ccna  9
Ccna 9
 
CCNP Switching Chapter 1
CCNP Switching Chapter 1CCNP Switching Chapter 1
CCNP Switching Chapter 1
 
Tech 101: Understanding Firewalls
Tech 101: Understanding FirewallsTech 101: Understanding Firewalls
Tech 101: Understanding Firewalls
 

More from Rishabh Dangwal

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
Rishabh Dangwal
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
Rishabh Dangwal
 
Network nags - when security fails
Network nags  - when security failsNetwork nags  - when security fails
Network nags - when security fails
Rishabh Dangwal
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
Rishabh Dangwal
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Rishabh Dangwal
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Rishabh Dangwal
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
Rishabh Dangwal
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
Rishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
Rishabh Dangwal
 

More from Rishabh Dangwal (9)

Cliffnotes on Blue Teaming
Cliffnotes on Blue TeamingCliffnotes on Blue Teaming
Cliffnotes on Blue Teaming
 
An introduction to SwiftNET
An introduction to SwiftNETAn introduction to SwiftNET
An introduction to SwiftNET
 
Network nags - when security fails
Network nags  - when security failsNetwork nags  - when security fails
Network nags - when security fails
 
Introduction to Wan Acceleration Devices
Introduction to Wan Acceleration DevicesIntroduction to Wan Acceleration Devices
Introduction to Wan Acceleration Devices
 
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.comEigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
Eigrp Cheatsheet - EIGRP in 15 min - Rishabh Dangwal - www.theprohack.com
 
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.comUnderstanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
Understanding DDOS Mitigation by Rishabh Dangwal - www.theprohack.com
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
An introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh DangwalAn introduction to Digital Security - Rishabh Dangwal
An introduction to Digital Security - Rishabh Dangwal
 
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh DangwalA guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
A guide to Unified Threat Management Systems (UTMs) by Rishabh Dangwal
 

Recently uploaded

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDBScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
ScyllaDB
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
UmmeSalmaM1
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
Larry Smarr
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
ScyllaDB
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
An Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise IntegrationAn Introduction to All Data Enterprise Integration
An Introduction to All Data Enterprise Integration
Safe Software
 
Introduction to ThousandEyes AMER Webinar
Introduction  to ThousandEyes AMER WebinarIntroduction  to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
ThousandEyes
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
ScyllaDB
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
Knoldus Inc.
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
Enterprise Knowledge
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
dipikamodels1
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes
 
Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0
Neeraj Kumar Singh
 
So You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental DowntimeSo You've Lost Quorum: Lessons From Accidental Downtime
So You've Lost Quorum: Lessons From Accidental Downtime
ScyllaDB
 
An All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS MarketAn All-Around Benchmark of the DBaaS Market
An All-Around Benchmark of the DBaaS Market
ScyllaDB
 

Recently uploaded (20)

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
 
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDBScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
ScyllaDB Leaps Forward with Dor Laor, CEO of ScyllaDB
 
Guidelines for Effective Data Visualization
Guidelines for Effective Data VisualizationGuidelines for Effective Data Visualization
Guidelines for Effective Data Visualization
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
CTO Insights: Steering a High-Stakes Database Migration
Introduction to layer 2 attacks & mitigation

1. An Introduction to Layer 2 Attacks & Mitigation
Rishabh Dangwal
www.TheProhack.com | Twitter @prohack

2. Agenda
 Layer 2 Security - The What, Why and What Now?
 Switching Basics
 Quick Knowledge Check
 The Attacks & their mitigation:
  ARP based
  Cisco Specific
  STP & VLAN Attacks
 Switch Configuration Review – What to look for
 Question & Answer session

3. Layer 2 Security - The What, Why and What Now?
 OSI is a layered model, and if one layer gets hacked, all layers are compromised.
 Layer 2 attacks are still very much relevant today.
 Poorly configured network environments.
 Information gap between Network and Security personnel (refer next slide).
 Different architectures, same protocols; hence the same weaknesses.
 Security is only as strong as your weakest link.

4. Switching Basics
 What is a Switch exactly?
 How does it function?
 VLAN basics.
 Tagged (Trunk) and Untagged (edge/access) ports.
 Spanning Tree basics.
 Layer 3 Switching?
 More vendor-specific Layer 2 switching technologies.

5. Quick Knowledge Check
Kind of questions to ask your Network & Security Admins:
1. How do they handle Network Security issues?
2. Is their network segmented by VLANs?
3. Are their networked VLANs secure by design?
4. What is the process of IP segment allocation?
5. Is there a formal Change Process in place?

6. Flooding & Spoofing Attacks
Attacks which utilize either flooding or resource starvation:
 ARP Poisoning
 DHCP Starvation
 CAM Table Overflow

7. ARP Attacks
 ARP Poisoning: can be easily carried out.
 Stateless protocol.
 NO inbuilt authentication.
 Limited to local network segments.
 Can be escalated/exploited to MITM, SSH interception, DoS and session hijacking attacks.
 Tools of Trade: Ettercap, Cain & Abel, Dsniff

8. DHCP Starvation
 DHCP scope exhaustion by installing a rogue DHCP server.
 Spoofed MAC requests broadcast/flood the network.
 Resource starvation occurs, which may make a rogue server more effective.
 Tools of Trade: Yersinia

9. CAM Table Overflow
 Content Addressable Memory (CAM) is used in highly efficient search-based environments.
 Cisco switches use CAM to build MAC-to-interface mapping tables.
 One can flood MAC addresses into the network, which can fill the CAM and thereby make a switch act like a hub.
 Tools of Trade: Dsniff, Ettercap, Cain & Abel and more.

10. Flooding & Spoofing Attacks − Mitigation
 Ensure Port Security is enabled (static ARP entries).
 Enable Port Security.
 Enable DHCP Snooping.
 Question the Network admin on the requirement for PARP / GARP if present in the configuration.
 Dynamic ARP Inspection.
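The Dynamic ARP Inspection (DAI) check named in the mitigation slide, written out as an added Python example that is not part of the deck: ARP packets arriving on untrusted ports are validated against the DHCP-snooping binding table (that is why the slide lists DHCP Snooping first), and any sender IP/MAC/port that does not match a binding is dropped. The binding table, port names and packets are constructed sample data; `Binding`, `ArpPacket`, `inspect` and `run` are names chosen here.

```python
"""DAI-style validation of ARP packets against a DHCP-snooping binding table.
Added example; all addresses, ports and packets are constructed sample data."""
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str


@dataclass(frozen=True)
class ArpPacket:
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    vlan: int
    ingress_port: str


# Constructed binding table: what DHCP snooping learned from real DHCP leases,
# plus the gateway on the uplink.
BINDINGS = [
    Binding("10.0.1.10", "00:11:22:33:44:10", 10, "Gi1/0/1"),
    Binding("10.0.1.11", "00:11:22:33:44:11", 10, "Gi1/0/2"),
    Binding("10.0.1.1",  "00:11:22:33:44:01", 10, "Gi1/0/24"),
]

# Uplinks are configured as trusted; DAI does not inspect traffic on them.
TRUSTED_PORTS = {"Gi1/0/24"}


def build_table(bindings):
    """Index bindings by (vlan, ip), which is how DAI looks them up."""
    return {(b.vlan, b.ip): b for b in bindings}


def inspect(pkt: ArpPacket, table, trusted=TRUSTED_PORTS) -> Tuple[str, str]:
    """Return (verdict, reason) for one ARP packet, mirroring a DAI-enabled port."""
    if pkt.ingress_port in trusted:
        return "permit", "trusted port"
    binding = table.get((pkt.vlan, pkt.sender_ip))
    if binding is None:
        return "drop", f"no DHCP binding for {pkt.sender_ip} in VLAN {pkt.vlan}"
    if binding.mac.lower() != pkt.sender_mac.lower():
        return "drop", f"{pkt.sender_ip} is bound to {binding.mac}, not {pkt.sender_mac}"
    if binding.port != pkt.ingress_port:
        return "drop", f"{pkt.sender_ip} is bound to {binding.port}, not {pkt.ingress_port}"
    return "permit", "matches binding"


def run(packets, bindings=BINDINGS):
    """Inspect a batch of packets; returns (packet, verdict, reason) per packet."""
    table = build_table(bindings)
    return [(p, *inspect(p, table)) for p in packets]


# Constructed sample traffic: one legitimate reply, two spoofed replies
# (gateway IP claimed from an access port; wrong MAC for a known host),
# and the real gateway answering on the trusted uplink.
SAMPLE = [
    ArpPacket("reply",   "10.0.1.10", "00:11:22:33:44:10", 10, "Gi1/0/1"),
    ArpPacket("reply",   "10.0.1.1",  "00:11:22:33:44:bb", 10, "Gi1/0/3"),
    ArpPacket("reply",   "10.0.1.11", "00:11:22:33:44:bb", 10, "Gi1/0/2"),
    ArpPacket("request", "10.0.1.1",  "00:11:22:33:44:01", 10, "Gi1/0/24"),
]

if __name__ == "__main__":
    for pkt, verdict, reason in run(SAMPLE):
        print(f"{verdict:6} {pkt.ingress_port:8} {pkt.sender_ip:10} {pkt.sender_mac}  {reason}")
```

Hosts with static addresses have no DHCP lease and therefore no binding, so on a real switch they need either a static binding or an ARP ACL before DAI is enabled; that is the practical reason the slide suggests questioning any PARP/GARP dependence before turning inspection on.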
11. Cisco Specific Attacks
 CDP attacks − applicable to Cisco IOS based devices.
 VTP attacks − applicable to Cisco switches.
 DTP attack − applicable to Cisco IOS based devices.
 HSRP abuse − applicable to Cisco IOS based devices.

12. Cisco − CDP Attacks
 Cisco Discovery Protocol (CDP) allows Cisco devices to communicate with each other.
 CDP communication is unencrypted, unauthenticated and carries a ton of information.
 CDP can be exploited for:
  CDP DoS (even WLCs are vulnerable)
  Overflow / pollution / corruption of the CDP cache
  Raking up power bills (PoE abuse)
 Tools to Use: Yersinia

13. CDP Attacks − Mitigation
 Turn CDP off.
 Check with the Network guys for any specific requirement of CDP (VoIP phones / troubleshooting).
 All unused ports shall be shut by default.
 BONUS: different vendors have similar protocols −
  Juniper / Huawei: LLDP (LLDP Attack Framework)
  Brocade: FDP
  Maipu: MDSP

14. Cisco − VTP Attack
 Virtual Trunking Protocol (VTP) is used by Cisco to propagate VLAN information.
 VTP uses a versioning system with a client-server architecture.
 Clients sync their configuration with the Server to maintain the current VLAN database revision.
 The attack involves DoS by sending VTP messages into the network.
 Tools of Trade: Yersinia

15. VTP Attack − Mitigation
 Check with the admin if VTP is required; if NO, recommend configuring the switches in transparent mode.
 If YES, check that the following parameters are configured correctly:
  A VTP password should be set and shall be MD5 encrypted (Service Password Encryption).
  Non-participating switches should be configured in transparent mode.
  VTP pruning should be enabled.
 All unused ports shall be shut by default.

16. DTP Attack
 Dynamic Trunking Protocol (DTP) negotiates port states between 2 devices.
 By default an interface is negotiated to become a Trunk (tagged) port, hence its name.
 One can send raw DTP packets on an Access interface and make it a trunk.
 The trunk interface can then be used to escalate/exploit STP/VTP/VLAN based attacks.
 Tools of Trade: Yersinia

17. DTP Attack − Mitigation
 Turn off DTP by disabling auto-negotiation.
 Refer to the configuration below for an access (untagged) port: settings are hardcoded, nothing is auto.
 All unused ports shall be shut by default.

18. HSRP Abuse
 Hot Standby Router Protocol (HSRP) is used for achieving HA between Cisco devices.
 Functions in Active/Passive mode, UDP 1985.
 Uses multicast; by default the password is configured in plain text.
 An attacker can send raw HSRP packets.
 Compromise and become the Active device with a real or spoofed IP.
 Tool to use: Yersinia

19. HSRP Abuse − Mitigation
 Use MD5 authentication.
 Hardcode everything.

20. Spanning Tree Attacks
 Invented by Dr Radia Perlman, Spanning Tree Protocol (STP) is used for providing a loop-free topology for a LAN or bridged network.
 An attacker can disrupt the STP topology by:
  Masquerading as a rogue switch.
  Introducing a real switch into the network.
  Spoofing the Root Switch.
  Sending malicious BPDUs.
  Claiming roles in the topology.
 Tools of Trade: Yersinia

21. Spanning Tree Attacks − Mitigation
 Enable Root Guard on Cisco switches, Root Protection on Juniper switches.
 Enable BPDU Guard on Cisco switches, BPDU Protection on Juniper switches.
 All unused ports shall be shut by default.

22. Multicast Brute Force
 The switch receives a number of multicast frames in rapid succession.
 Frames leak into other VLANs instead of being contained on the original VLAN.
 May lead to DoS.
 Rare nowadays.

23. Multicast Brute Force Attack − Mitigation
 Buy switches with better queue/buffer and memory support.
 Upgrade your supervisors (4500X and above, Cisco only).

24. VLAN Based Attacks
 VLAN Hopping − 802.1Q abuse.
 PVLAN − bypassing Layer 2 segregation logic.

25. VLAN Hopping
 VLAN Hopping refers to emulating a network switch and sending tagged frames (802.1Q/ISL).
 An attacker can also send double-tagged frames on a trunk / access interface.
 The first tag will be stripped by the switch, which then forwards the frame out the outgoing interface.
 Since the frame still carries one more tag, it will be forwarded as-is into the next, unintended VLAN.
 Tools of Trade: Scapy, Ostinato

26. VLAN Hopping Attack − Mitigation
 Disable DTP.
 Hardcode everything.
 Unused ports shall be configured as access (untagged) ports.
 Native VLAN segregation.
 Management VLAN segregation.
 Don't use VLAN 1 for *anything*.
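To make the double-tag mechanism of slide 25 concrete from the inspection side, here is an added Python example (not part of the deck) that decodes the 802.1Q tag stack of an Ethernet frame and reports which VLAN a trunk with a given native VLAN would actually deliver it to. It shows why the mitigations on slide 26 work: when the trunk's native VLAN is a dedicated, unused VLAN rather than VLAN 1, the outer tag never matches it, nothing is stripped, and the inner tag is never honoured. The frame bytes are constructed samples; `decode_tags` and `classify` are names chosen here.

```python
"""802.1Q tag-stack decoder with a double-tagging check. Added example;
the sample frames are constructed, not captured."""
import struct

TPID_8021Q = 0x8100   # customer tag
TPID_QINQ = 0x88A8    # 802.1ad service tag; treated as one more stacked tag here


def decode_tags(frame: bytes):
    """Return (vids, ethertype, payload_offset); vids run outer -> inner."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12                      # skip destination + source MAC
    vids = []
    while True:
        (tpid,) = struct.unpack_from("!H", frame, offset)
        if tpid not in (TPID_8021Q, TPID_QINQ):
            break                    # not a tag: this is the real EtherType
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)    # VID is the low 12 bits; PCP/DEI sit above
        offset += 4
        if offset + 2 > len(frame):
            raise ValueError("truncated tag stack")
    return vids, tpid, offset + 2


def classify(frame: bytes, ingress_native_vlan: int) -> dict:
    """Mimic a trunk port's handling of the frame and report where it ends up.

    A trunk strips a tag equal to its native VLAN before forwarding. If another
    tag sits underneath, it now rides out untouched and the next switch honours
    it, which is the hop the slide describes.
    """
    vids, _, _ = decode_tags(frame)
    if not vids:
        return {"tags": vids, "effective_vlan": ingress_native_vlan, "hop": False}
    outer = vids[0]
    if outer == ingress_native_vlan and len(vids) > 1:
        return {"tags": vids, "effective_vlan": vids[1], "hop": True}
    return {"tags": vids, "effective_vlan": outer, "hop": False}


# Constructed samples: broadcast dst, locally administered src, then tags,
# IPv4 EtherType (0x0800) and a zero payload.
SINGLE_TAG = bytes.fromhex("ffffffffffff" "020000000001" "8100000a" "0800") + b"\x00" * 46
DOUBLE_TAG = bytes.fromhex("ffffffffffff" "020000000001" "81000001" "81000014" "0800") + b"\x00" * 46

if __name__ == "__main__":
    for name, frame in (("single-tag", SINGLE_TAG), ("double-tag", DOUBLE_TAG)):
        print(name, "native VLAN 1  ->", classify(frame, ingress_native_vlan=1))
        print(name, "native VLAN 999->", classify(frame, ingress_native_vlan=999))
```

Run against the same double-tagged frame, the check flags a hop only when the native VLAN is 1 (the outer tag); with the native VLAN moved to an unused VLAN such as 999 the frame stays in the VLAN of its outer tag. The same decoder can be pointed at a packet capture taken on an access port, where any frame carrying more than one tag is itself worth an alert.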
27. PVLAN Attacks
 Community ports can communicate among themselves and with promiscuous ports.
 This logic can be bypassed using a proxy server or a Layer 3 device on a promiscuous port.
 The L3 device will overwrite the destination MAC on the frame and then send the frame back.
 A unidirectional attack can be leveraged into a bidirectional attack by compromising hosts.
 Tools of Trade: Scapy / Ostinato

28. PVLAN Attacks – Mitigation
 Configure an ACL on the Layer 3 device.

29. Bonus: SNMP Snarfing
 Simple Network Management Protocol (SNMP) is used to monitor and manage devices.
 Vendor agnostic; has 3 versions, version 1.0 & version 2.0 most commonly used.
 Plain-text authentication.
 Community strings can be brute-forced, fuzzed and hacked.
 Wreak havoc using the read-write community.
 Tools of Trade: Ettercap, dsniff.

30. SNMP Snarfing – Mitigation
 Use SNMPv3 *only*; don't use it in backwards-compatible mode.
 Don't use community strings with write access.
 Be SNMP aware; don't let it become "Security is Not My Problem".

31. Switch Configuration Review
 What to look for in a sample switch configuration dump.
 Best practices.
 Looking at the big picture.

32. Conclusion
 Ensure switches are managed in a secure manner.
 Hardcode everything.
 Ensure there is a Change Management process for any Network and Security changes.
 Disable protocols which are not in use (CDP/VTP).
 All unused ports should be shut by default.
 Use Port-Security.
 Use Root Guard / BPDU Guard.
 Be careful about SNMP community strings.
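The configuration review of slide 31 and the checklist in the conclusion, as an added Python example that is not part of the deck: a constructed Cisco IOS running-config excerpt with the weak defaults the deck warns about (CDP on, VTP server, negotiated DTP, native VLAN 1, plain-text HSRP, SNMPv2c read-write community) sits beside the same switch after the mitigations from slides 13, 15, 17, 19, 21, 26 and 30 are applied, and a small reviewer parses both and lists the gaps. Interface names, addresses and the config text are made up; the keywords are real IOS syntax. `parse_config` and `review` are names chosen here.

```python
"""Review a Cisco IOS config dump for the Layer 2 hardening items in the deck.
Added example; both configs are constructed and the hardened key is a placeholder."""
import re

# Constructed config showing weak defaults.
WEAK_CONFIG = """\
vtp mode server
snmp-server community private RW
!
interface GigabitEthernet1/0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 1
!
interface Vlan10
 standby 1 ip 10.0.10.1
!
"""

# The same switch after applying the slides' mitigations (constructed).
HARDENED_CONFIG = """\
no cdp run
vtp mode transparent
ip dhcp snooping
ip arp inspection vlan 10
snmp-server group NETMON v3 priv
!
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 998
 switchport nonegotiate
!
interface Vlan10
 standby 1 ip 10.0.10.1
 standby 1 authentication md5 key-string REPLACE-WITH-SECRET
!
"""


def parse_config(text):
    """Split the config into global lines and {interface name: [sub-lines]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            current = None
            continue
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = m.group(1)
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def review(text):
    """Return findings as (scope, message) tuples; an empty list means no gaps found."""
    g, ifaces = parse_config(text)
    f = []
    if "no cdp run" not in g:
        f.append(("global", "CDP enabled; add 'no cdp run' unless VoIP/troubleshooting needs it"))
    if "vtp mode transparent" not in g:
        f.append(("global", "VTP not in transparent mode"))
    if "ip dhcp snooping" not in g:
        f.append(("global", "DHCP snooping not enabled"))
    if not any(l.startswith("ip arp inspection vlan") for l in g):
        f.append(("global", "Dynamic ARP Inspection not enabled on any VLAN"))
    f += [("global", f"SNMPv1/v2c community configured: '{l}'; use SNMPv3")
          for l in g if l.startswith("snmp-server community")]
    for name, lines in ifaces.items():
        s = set(lines)
        if name.lower().startswith("vlan"):          # SVI: check HSRP authentication
            if any(l.startswith("standby") for l in s) and not any("authentication md5" in l for l in s):
                f.append((name, "HSRP group without MD5 authentication"))
            continue
        if "shutdown" in s:
            continue                                  # unused port already shut: fine
        mode = next((l for l in s if l.startswith("switchport mode ")), "")
        if "switchport nonegotiate" not in s:
            f.append((name, "DTP negotiation not disabled"))
        if mode == "switchport mode access":
            vlan = next((l for l in s if l.startswith("switchport access vlan ")), "vlan 1")
            if vlan.endswith(" 1"):
                f.append((name, "access port is in VLAN 1"))
            if "switchport port-security" not in s:
                f.append((name, "port-security not enabled"))
            if "spanning-tree bpduguard enable" not in s:
                f.append((name, "BPDU guard not enabled"))
        elif mode == "switchport mode trunk":
            native = next((l for l in s if l.startswith("switchport trunk native vlan ")), "vlan 1")
            if native.endswith(" 1"):
                f.append((name, "trunk native VLAN is 1"))
        else:
            f.append((name, f"port mode not hardcoded ({mode or 'default dynamic'})"))
    return f


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label}: {len(review(cfg))} finding(s)")
        for scope, msg in review(cfg):
            print(f"  {scope:22} {msg}")
```

Root Guard is deliberately not checked per interface: it belongs on the designated ports facing switches that must never become root, which depends on the topology rather than on a keyword, so it stays a manual item in the review. The `RW` community and the VLAN 1 native trunk are the two findings to read first, because together they give a read-write management path and a double-tag path from the same switch.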
33. Questions? Reach me at admin@theprohack.com