mac spoofing
the switch is tricked into believing that the same mac address is connected to two different ports... this effectively poisons the cam table (mac address table) and gives the attacker a man-in-the-middle position
mitigation: port security
arp spoofing
during an arp request/reply exchange, an attacker injects a fake reply carrying their own mac address, masquerading as a legitimate host
mitigation: dai (dynamic arp inspection)
dai performs an ip-to-mac binding inspection... packets with invalid ip-to-mac bindings are dropped
dai
inspects all arp requests and responses on untrusted ports; ingress (inbound) only
validates the ip-to-mac bindings of intercepted packets before updating the local arp cache and before forwarding
drops packets that fail ip-to-mac binding validation
usually deployed together with dhcp snooping, since the dhcp snooping binding table is the source of valid ip-to-mac bindings
for relay agents, use dhcp relay information option 82 (so the switch can validate bindings learned through a relay)
ip dhcp snooping limit rate
limits the number of dhcp messages per second an untrusted interface can receive (protects the snooping database and cpu from dhcp floods)