Q1) Bob is attempting to sniff a wired network in his first pen test contract. Port security can be used to restrict inbound traffic from only a selected set of MAC addresses and limit MAC flooding attack.Configuring Port Security on Cisco switch.When attacker gets ARP reply, this indicates that target host's switch port binding has been restored and attacker can now able to sniff the packets sent toward targeted host.Attacker now manages to steal the target host switch port and sends ARP request to stolen switch port to discover target hosts' IP address.In such case if attacker is fast enough, he will able to direct the packets intended for the target host toward his switch port.A race condition of attacker's flooded packets and target host packets will occur and thus switch has to change his MAC address binding constantly between two different ports.Attacker floods the switch with forged gratuitous ARP packets with target MAC address as source and his own MAC address as destination.Switch Port Stealing sniffing technique uses MAC flooding to sniff the packets.This tool floods the switch's CAM tables (131,000 per min) by sending bogus MAC entries.Macof sends random source MAC and IP addresses.macof is a Unix/Linux tool that is a part of dsniff collection.Switch then acts as a hub by broadcasting packets to all machines on the network and attackers can sniff the traffic easily.įailopen mode: the switch starts behaving as a hub and broadcasts the incoming traffic through all the ports in the network.MAC flooding involves flooding of CAM table with fake MAC address and IP pairs until it is full.This attack will also fill the CAM tables of adjacent switches.This will change the behavior of the switch to reset to it's learning mode, broadcasting on every port similar to a hub.Once the CAM table on the switch is full, additional ARP request traffic will flood every port on the switch.The CAM table stores information such as MAC addresses available on physical ports with their associated VLAN parameters.Each switch has a fixed size dynamic Content Addressable Memory (CAM) table.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |