Before continuing, visit the following link to learn more about MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with very large number of with different fake source. MAC flooding attack can soon drain the memory resources allocated for MAC address table and later the switch will start behaving like a. Port Security feature can protect the switch from MAC flooding attacks. Port security feature can also protect the switch from DHCP starvation attacks, where a client start flooding the network with very large number of DHCP requests, each using a different source MAC address. DHCP starvation attacks can result in depletion of available IP addresses in DHCP Server scope. Port security feature is meant for access ports and it will not work on trunk ports, Ether-channel ports or SPAN (Switch Port Analyzer) ports. Concepts of Port Security The goal of Port Security is to prevent a network attacker from sending large number of Ethernet Frames with forged fake source MAC addresses to a Switch interface. This goal is achieved by the following settings, which are related with a switch interface. 1) Enable Port Security Feature. Port security is disabled by default. 'switchport port-security' (at interface configuration mode) command can be used to enables Port Security. OmniSecuSW1(config-if)#switchport port-security 2) Specify a maximum number of MAC addresses allowed on that interface. Remember, it is possible that more that one genuine devices are connected to a switch interface (Example: a phone and a computer). OmniSecuSW1(config-if)#switchport port-security maximum? Pom for windows macbook. Maximum addresses 3) Define the MAC Addresses of known devices, which are going to access the network via that interface. We can do this by either hardcoding the MAC addresses of known devices (statically define the known MAC addresses) or configure 'sticky' MAC Address. Sticky MAC addresses ('switchport port-security mac-address sticky') will allow us to enter dynamically learned MAC addresses to running config. MAC address filtering adds an extra layer to this process. Before letting any device join the network, the router checks the device's MAC address against a list of approved addresses. If the client's address matches one on the router's list, access is granted as usual; otherwise, it's blocked from joining. A MAC address is also referred to as a hardware address or a physical address. Ilife 08 download. The address consists of 12 characters, or hexadecimal digits. Unlike the decimal numerical system you use in everyday life, the hexadecimal system consists of 16 digits: the numerals 0 through 9 and the letters A through F. The default number of known secure MAC addresses is one. OmniSecuSW1(config-if)#switchport port-security mac-address? H.H.H 48 bit mac address sticky Configure dynamic secure addresses as sticky 4) Specify an action to do when a violation occurred on above conditions. When a violation occurs in switch Port Security, Cisco switches can be configured to act in one of the three options explained below. Protect: When 'protect' option is configured and a violation occurred in switch port security, a switch interface drops frames with an unknown source MAC address after the switch port reaches maximum number of allowed MAC addresses. Frames with known source MAC addresses are allowed. No SNMP trap and a syslog message are generated. The 'protect' option is the lowest port security option available. Restrict: When 'restrict' option is configured and a violation occurred in switch port security, a switch interface drops frames with an unknown source MAC address after the switch port reaches maximum number of allowed MAC addresses. The restrict option also sends an SNMP trap and a syslog message and increments a violation counter when a port security violation occurs. Shutdown option sends an SNMP trap and a syslog message also. It also increments a violation counter. Shutdown: When 'shutdown' option is configured and a violation occurred in switch port security, the interface is shut down. Shutdown option sends an SNMP trap and a syslog message also. It also increments a violation counter. Therefore, when a port security violation occurs, the interface is shutdown and no traffic is allowed on that interface. The 'shutdown' option is the highest port security option available. The default violation action is to shut down the port.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |