Month: December 2011

Telnet Attacks – Ways to compromise remote connection

In this article I am going to explain some of the reasons why we should switch from Telnet to SSH to secure our device management.

But first, a few words about Telnet.

More than once we have been in a situation where we needed to configure a couple of switches and routers at the same time. More precisely, almost every time we have to configure or troubleshoot, we are working on several devices at the same time.

Of course, we don't want to reconnect the console cable to another switch every time we want to run a show command on it.

We want to be able to connect to all the devices at the same time and then just use multiple command prompts, one for each device. In this manner we are faster in the troubleshooting process and we can make configuration steps without losing time on moving the console cable. Furthermore, we have a better overview of the configuration as we run troubleshooting commands, and we can easily compare different configurations just by opening two command prompts next to each other.

Spoofing Attacks – DHCP Server Spoofing

One of the Layer 2 attacks inside a LAN that is very dangerous for information privacy and LAN integrity is the spoofing attack.

This is a special kind of attack where an attacker can gain access to network traffic by spoofing responses that would be sent by a valid DHCP server. This attack uses a technique called ARP spoofing, also known as ARP cache poisoning or ARP poison routing (APR), which is a simple LAN attack technique. ARP spoofing allows an attacker to intercept frames on a LAN, modify the traffic, stop the traffic or simply sniff all the traffic. This is possible because all the communication in the LAN is now crossing the attacker's interface, and this communication is vulnerable to packet sniffing.

MAC Address Flooding – MAC address table overflow attacks

The MAC address flooding attack is a very common security attack. The MAC address table in the switch holds the MAC addresses available on a given physical port of the switch and the associated VLAN parameters for each.

MAC flooding attacks are sometimes called MAC address table overflow attacks. To understand the mechanism of a MAC address table overflow attack we must recall how a switch works in the first place.

Switch Security Attacks – Layer 2 Security

Switch security attacks are the most popular topic in switch Layer 2 security. This is simply because they are dangerous. Cisco device security is surely one of the most interesting topics in the whole Cisco world. In the networking world in general this is also one of the most exciting and dynamic topics of all. In this small article we start by talking about Cisco switch security; it is followed by more detailed articles about every aspect of security and security issues, threats and troubleshooting in general.

A switch with a MAC address table full of bogus MAC addresses acts like a hub

In this picture, a switch is attacked with a MAC address flooding attack. This attack fills up the MAC address table of the switch with bogus source MAC addresses. In that case the switch will not have the information about which ports the real MAC addresses of PC A, PC B or PC C are on. It will broadcast all the traffic from all PCs to every other PC. That attack makes packet sniffing possible from every computer.

Switch security does not stop malicious attacks from occurring if we don't use some advanced methods in the configuration. In the next few posts, we will speak about some of the most appalling security attacks and how dangerous they are for our network. We will also show you the methods and technologies that exist to prevent these attacks from happening.
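The hub-like behaviour of a switch with a full MAC address table, as described for the picture above, modelled as an added example (not code from the original article). The table size, port numbers, `bogus-NN` addresses and the per-port limit on learned addresses are assumptions made for the illustration.

```python
class LearningSwitch:
    """Toy Layer 2 switch with a bounded MAC address table (no aging, no VLANs)."""

    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # total entries the table can hold
        self.per_port_limit = per_port_limit  # assumed defence; None disables it
        self.table = {}                       # source MAC -> port it was learned on

    def _learned_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is forwarded out of."""
        if src not in self.table:
            over_limit = (self.per_port_limit is not None
                          and self._learned_on(in_port) >= self.per_port_limit)
            if over_limit:
                return []                     # frame from an extra source is dropped
            if len(self.table) < self.table_size:
                self.table[src] = in_port     # learn only while there is room
        if dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]
        # Unknown destination: send out of every other port, like a hub
        return [p for p in self.ports if p != in_port]


def run_scenario(per_port_limit=None):
    """Return (ports that receive PC-A's frame to PC-B, table entries used)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], table_size=8,
                        per_port_limit=per_port_limit)
    sw.receive(1, "PC-A", "PC-C")             # PC A is learned on port 1
    for i in range(20):                       # constructed bogus sources on port 4
        sw.receive(4, f"bogus-{i:02d}", "PC-A")
    sw.receive(2, "PC-B", "PC-A")             # PC B sends, but can it be learned?
    return sw.receive(1, "PC-A", "PC-B"), len(sw.table)


if __name__ == "__main__":
    print("no limit:      ", run_scenario())
    print("limit 2 / port:", run_scenario(per_port_limit=2))
```

Without the limit, the frame for PC B leaves every other port because PC B could never be learned; with the limit, the table keeps room for PC B and the frame goes to its port only.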

When we get to know all these different attacks and see how they can be intended to destroy our switch security, we will feel the need to learn what to do when they happen. In the articles on the right side we show you how to prevent those attacks from happening and all the configuration that you will need to do on a network switch to prevent intrusions.

Layer 2 security attacks:
  1. VLAN hopping attacks – Switch Spoofing and Double tagging
  2. STP – Spanning Tree Protocol attack
  3. MAC address flooding
  4. DHCP Server Spoofing
  5. ARP Spoofing
  6. CDP attack
  7. Telnet Attack

Layer 2 attacks prevention:
  1. Prevent VLAN hopping attacks – Spoofing and Double tagging
  2. Prevent STP attack
  3. Prevent MAC address Flooding
  4. Prevent DHCP Server Spoofing
  5. Prevent ARP Spoofing
  6. Prevent CDP attack

In the times when it is too late for us to defend the network from an attack, we must be prepared for some serious troubleshooting and fast solving of security issues. In the next articles about troubleshooting these network security attacks you can read about how to get rid of the problem when it is too late to prevent the attack from happening.