Contents. Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Contents. Monitoring, Auditing, Intrusion Detection, Intrusion Prevention, and Penetration Testing CSEC 640"

Transcription

1 Contents Topic 1: Analogy... 2 Analogy: Network Traffic... 2 Topic 2: Module Introduction... 4 Topic 3: Layer 2 and Switch Basics... 5 Layer 2 Technology: Ethernet... 5 Layer 2 Switch Operation... 7 Topic 4: Layer 2: MAC Attacks MAC Flooding Attacks MAC Spoofing Attacks Activity Mitigating MAC Attacks Topic 5: Layer 2: Address Resolution Protocol Exploitation Address Resolution Protocol ARP Spoofing Attacks Activity: Try This! Topic 6: Layer 3: Router Vulnerabilities Router Attacks and Vulnerabilities Routing Table Modification Preventing Routing Table Modification Activity: Routing Updates and MD5 Authentication Topic 7: Summary Glossary UMUC 2012 Page 1 of 34

2 Topic 1: Analogy Analogy: Network Traffic Switching and Routing Vulnerabilities Module 3 Analogy: Network Traffic Just as we use stop signs and traffic lights to safely guide vehicles along roads and highways, computer networks use their own traffic guidance systems. On a computer network, traffic is handled using routers and switches that ensure the secure and efficient exchange of data. Consider an analogy comparing vehicle traffic with data traffic. Managing Network Traffic Slide 1 Imagine you are driving and you come to an intersection with four stop signs. It takes a while to cross because everyone has to take turns, and there can be confusion. Now imagine what the traffic would be like if there were an overpass, where one of the roads went over the other. That way, no one would have to stop. This model of an overpass is a simplified way to think of a switch. Slide 2 A switch does the same thing as a hub and a bridge, but more effectively. A switch lets you add computers to your network and makes virtual connections between computers that need to "talk" to each other. As soon as the computers have finished talking to each other, the virtual connection is broken. Breaking the connection right away eliminates collisions in network traffic. The only shortcoming of a switch is that it will not keep a broadcast from tying up the communication lines. When one computer needs to find the address of another computer, it sends out a broadcast over the whole network to find the address. Each computer in the network receives the broadcast and looks to see if it is the intended recipient. The broadcast can occupy the network because none of the other computers can send a message while it is taking place. Routers solve this problem. Slide 3 Routers do everything that a switch does, but they use a different method to address the packets of information they use IP addresses. A router acts like a post office. It decides the best route that a packet can take to get to different networks. A router can divide your network into different subnetworks and contain a broadcast within a smaller area so that the whole network does not need to receive the broadcast. The router keeps your resources from being tied up with unnecessary network traffic jams. This process is like taking a city that is, your network and dividing it into neighborhoods. When the residents in one locality want to publicize a neighborhood watch meeting, they can tell UMUC 2012 Page 2 of 34

3 the post office to mail fliers only within that neighborhood so the post office does not waste resources sending notices to distant areas. A router can perform exactly this type of role, if it is so programmed. UMUC 2012 Page 3 of 34

4 Topic 2: Module Introduction In the TCP/IP model, the higher layers such as the application layer, TCP layer, and IP layer are all based on the Layer 2 (data link layer) technologies. This module provides a background on Layer 2 technologies, such as Ethernet, followed by a look at the operation of Layer 2 switches. The module also discusses Media Access Control (MAC) attacks and their mitigation, exploitation of the Address Resolution Protocol (ARP), and router (Layer 3) vulnerabilities. UMUC 2012 Page 4 of 34

5 Topic 3: Layer 2 and Switch Basics Layer 2 Technology: Ethernet Ethernet is a group of Layer 2 protocols for local area networks (LANs). Ethernet is the most predominant LAN standard. Most often, the term Ethernet is used to signify IEEE Introduction The network interface card (NIC) of a host PC, printer, or server is connected to a Layer 2 device, such as a switch or hub. The IEEE protocol specifies how a message is framed and transmitted on the Layer 1 wire by the NIC. Like all other hardware in the network, the NIC has a unique address called a Media Access Control (MAC) address. MAC addresses are 48-bit-long unique identifiers written into hardware devices by their manufacturers. These addresses are expressed as 12 hexadecimal digits and used by most Layer 2 technologies including Ethernet. An example of a MAC address is 5C-26-0A A. A user can find the MAC address of a PC by entering the command ipconfig/all in the Windows command prompt. The Ethernet Frame The Ethernet frame is used to transmit data from a source to a destination and ranges from 72 to 1,518 bytes in length. Destination/Source MAC Addresses The Destination/Source MAC Addresses field specifies the MAC addresses of the source and destination hosts. For instance, consider a network with a Host A PC and a Host B PC. The MAC addresses of Host A and Host B are A and 5A A, respectively. If Host A sends a frame to Host B, the source MAC address in the frame becomes A, Host A s MAC address. The destination MAC address becomes 5A A, or Host B s MAC address. A switch routes this frame based on the source and destination MAC addresses. UMUC 2012 Page 5 of 34

6 Type The Type field indicates the Layer 3 protocol in the Data field. For instance: If the Type field contains a value of 0x0800, the Data field contains an IP packet. If the Type field contains a value of 0x0806, the Data field contains an Address Resolution Protocol (ARP) message. UMUC 2012 Page 6 of 34

7 Topic 3: Layer 2 and Switch Basics Layer 2 Switch Operation Layer 2 devices, such as switches, route an Ethernet frame based on the source and destination MAC addresses. A switch relies on a forwarding table to forward a frame to a destination MAC address just as a router uses a routing table to forward an IP packet to a destination IP address. The forwarding table is called a MAC address table or a content addressable memory (CAM) table. This module uses the term MAC table to refer to the CAM table. Initially, the MAC table of a switch is empty; the switch does not know the MAC address of a PC, printer, or any other attached device. Consider the following example: a LAN consists of Host A with a MAC address of AAAA, Host B with a MAC address of BBBB, Host C with a MAC address of CCCC, and a switch. Note that in the real world, MAC addresses are 48 bits long; the addresses used here are shortened to simplify the example. Hosts A, B, and C are connected to the first, second, and third Ethernet ports, Fa0/1, Fa0/2, and Fa0/3, respectively. Assume that the switch s MAC table can hold only two entries. In reality, MAC tables have much larger capacities. Example Step 1 Initially, the MAC table is empty. A frame originating from Host A arrives at the first Ethernet port on the switch (Fa 0/1). Host A wants to communicate with a host whose MAC address is BBBB, the destination address in the frame. The switch inspects the source MAC address to determine whether there is already an existing entry in the table. Since the MAC table is empty, a new entry is made that records the source MAC address and the port number. By recording these details in the MAC table, the switch specifies where to send a frame when it needs to be sent to the source MAC address. UMUC 2012 Page 7 of 34

8 Step 2 Since the switch does not know where the destination MAC address BBBB is, it simply floods the frame on all active ports. In other words, the switch sends a copy of the frame to every port in the LAN, hoping that the frame will reach the destination host. In this example, the switch floods the frame on Fa 0/2 and Fa 0/3. This process is known as unknown unicast flooding. Step 3 When Host B, the intended recipient of the frame, receives the frame, it replies with a response frame. In this frame, note that the source and destination MAC addresses are reversed compared to the original frame that Host A sent. When the switch receives this frame, it tries once again to search for a match in its MAC table. Since there is no match, a new entry is added to the MAC table, recording the MAC address BBBB and the port Fa 0/2. In this example, since the MAC table can hold only two entries, it is at capacity. UMUC 2012 Page 8 of 34

9 Step 4 Once the MAC table is full, Host A sends a frame whose source address is AAAA and destination address is BBBB. The switch receives the frame and inspects the destination MAC address to check for a corresponding entry in the MAC table. Since the second entry is a match, the switch forwards the frame to port Fa 0/2 (Host B). UMUC 2012 Page 9 of 34

10 Topic 4: Layer 2: MAC Attacks MAC Flooding Attacks What Is a MAC Flooding Attack? When a switch s MAC table becomes full, the switch begins to flood frames on all active ports. In other words, when the switch begins to flood all active ports, any host on the same LAN can intercept any other frame regardless of its destination MAC address. In a flooding attack, an attacker tries to create a permanently full MAC table that will force the switch to flood (broadcast) all traffic on all active ports. The attack is launched from one of the ports on a LAN so all communication taking place on that LAN is visible to the attacker. This visibility enables the attacker to monitor all frames passed through the switch and to obtain useful, sensitive information, including the data in the frame, the MAC address, and the IP address of the victim host. Example: MAC Flooding Attack Step 1 The attacker generates a continuous set of frames with random source and destination MAC addresses using tools such as MACOF, Ettercap, or Yersinia. Since the MAC table of the switch has limited storage, it eventually runs out of space and cannot add new entries. UMUC 2012 Page 10 of 34

11 Step 2 The victim host tries to communicate with another host. Step 3 Since there is no corresponding MAC table entry for the destination host, every frame sent by the victim host will be flooded to all ports. The attacker can see all the traffic sent from the victim host. UMUC 2012 Page 11 of 34

12 Topic 4: Layer 2: MAC Attacks MAC Spoofing Attacks What Is a MAC Spoofing Attack? In a MAC spoofing attack, the attacker first identifies the MAC address of a victim host by launching a MAC flooding attack on a LAN. The attacker then generates a fake frame by entering the victim s MAC address in the source field of the fake frame. The switch receives the fake frame from the attacker s host and updates its MAC table accordingly. Example: MAC Spoofing Attack Step 1 The attacker s host performs a MAC flooding attack and obtains useful information about its neighboring hosts, such as MAC and IP addresses. The attacker crafts a frame with the source MAC address BBBB, the MAC address of Host B. Step 2 Upon receiving the attacker s frame, the switch accordingly updates its MAC table with the MAC address BBBB and its corresponding interface, Fa 0/3, which points to the attacker. UMUC 2012 Page 12 of 34

13 Step 3 The victim sends a frame with a destination MAC address of BBBB. The switch finds a match in the MAC table and forwards the frame to the attacker s host rather than to the intended host, Host B. UMUC 2012 Page 13 of 34

14 Topic 4: Layer 2: MAC Attacks Activity You will now be presented with a few questions based on Layer 2 and MAC attacks. Question 1: On what basis do Layer 2 devices such as switches route Ethernet frames? a. Layer 2 devices route Ethernet frames based on IP addresses. b. Layer 2 devices route Ethernet frames based on MAC addresses. c. Layer 2 devices route Ethernet frames based on the IP address table. Correct answer: Option b Feedback: Layer 2 devices such as switches route Ethernet frames based on the source and destination MAC addresses. A switch relies on a MAC table to forward a frame to a destination MAC address, just as a router uses a routing table to forward an IP packet to a destination IP address. Question 2: Which of the following scenarios describes unknown unicast flooding? a. A switch flooding an Ethernet frame on all active ports when it cannot locate a source MAC address b. A switch attempting to make additional entries in a MAC table that is at capacity c. A switch flooding an Ethernet frame on all active ports when it cannot locate a destination MAC address d. Ethernet frames being sent without a destination MAC address Correct answer: Option c Feedback: In unknown unicast flooding, when a switch cannot locate a particular destination MAC address, it will simply flood an Ethernet frame on all active ports, hoping that the frame will reach the destination host. Question 3: Which of the following statements describes a MAC flooding attack? a. An attacker tries to create a permanently full MAC table that will force a switch to flood traffic on all active ports. b. An attacker attempts to inject fake or misleading MAC addresses into a MAC table. c. An attacker generates a fake frame by entering the victim s MAC address in the source field of the fake frame. Correct answer: Option a Feedback: In a MAC flooding attack, an attacker tries to create a permanently full MAC table that forces the switch to flood all traffic on all active ports. The attack is launched from one of the ports on a LAN so all communication taking place on that LAN is visible to the attacker. This visibility enables the attacker to monitor all frames passed through the switch and obtain useful information. UMUC 2012 Page 14 of 34

15 Topic 4: Layer 2: MAC Attacks Mitigating MAC Attacks Some common ways to prevent or mitigate MAC flooding and spoofing attacks include implementing measures such as port security and unicast flood protection. Port Security Port security ties a given MAC address to a port by preventing any MAC addresses other than the preconfigured ones from showing up on a secure port. Upon detection of an invalid MAC address, the switch can be configured to block only the offending MAC or to simply shut down the port. For instance, in a Cisco switch, you can assign a secure MAC address to a secure port using the command, (config-if) switchport port-security mac-address 001E.1345.AE32. If an attacker s machine sends a frame with a source MAC address other than 001E.1345.AE32 to the securely configured port, the switch will block or shut down the port. Port security prevents MAC flooding and spoofing attacks. Unicast Flood Protection A switch floods an incoming frame on all active ports if it cannot find a corresponding entry in the MAC table or if the MAC table is full. The unicast flood protection feature allows a system administrator to set a limit on the number of unicast floods. When flood protection detects unknown unicast floods exceeding the predefined limit, it sends an alert and shuts down the port that is generating the floods. UMUC 2012 Page 15 of 34

16 Topic 5: Layer 2: Address Resolution Protocol Exploitation Address Resolution Protocol Address Resolution Protocol (ARP) is a protocol used to find the MAC address of a host when the IP address of the host is known. How Does ARP Work? Consider an example to see how ARP works. Assume that Host A, with the IP address /24, needs to send a frame to a destination host with the IP address of /24. To send the frame, Host A needs to know the MAC address of the destination host. By comparing its own IP address with the destination host s IP address, Host A knows that the destination host is part of the same LAN as itself. Host A sends an Ethernet broadcast frame. Note that the standard address for Ethernet broadcasts is FFFF.FFFF.FFFF. Upon receiving the broadcast frame, the switch floods the frame on all ports in the LAN, and all the hosts in the LAN receive this broadcast frame. This broadcast frame is known as an ARP request. Host B and Host C receive the ARP request from Host A. Host C sends a solicited ARP reply to Host A. The ARP reply contains Host C s MAC address and IP address. Upon receiving the ARP reply, Host A knows the MAC address of the host whose corresponding IP address is UMUC 2012 Page 16 of 34

17 What Is Gratuitous ARP? Consider an example to understand Gratuitous ARP. Sending a Gratuitous ARP means sending an ARP reply when no ARP request has been made. Host C sends an unsolicited ARP reply to the broadcast address FFFF.FFFF.FFFF to tell its neighboring hosts in the LAN that its MAC address is CCCC. UMUC 2012 Page 17 of 34

18 Topic 5: Layer 2: Address Resolution Protocol Exploitation ARP Spoofing Attacks An ARP spoofing attack, also known as ARP poisoning, enables an attacker to sniff out all IP packets sent to the target host. Consider an example of how an ARP spoofing attack is carried out. Step 1 The attack is initiated by a host with the IP address The attacker s host machine sends a fake Gratuitous ARP to Host A. The fake Gratuitous ARP tells Host A that is tied to the MAC address of BBBB. Note that is actually tied to Host C, not the attacker. Upon receiving the ARP request, Host A adds a new entry to its ARP table, correlating the MAC address BBBB with the IP address Step 2 As seen with the frame sent by Host A, all the IP packets intended for Host C are sent to the attacker s MAC address. This is because Host A believes that Host C s MAC address is BBBB, which is actually the attacker s MAC address. UMUC 2012 Page 18 of 34

19 Step 3 As soon as the attacker receives the packet from Host A, it masquerades as Host C by sending an acknowledgment packet back to Host A. Step 4 The attacker forwards the packet originally sent by Host A to Host C. Host C believes that this packet is from Host A. The attacker has achieved its goal, which is to intercept and read, or sniff, the packet originating from Host A. UMUC 2012 Page 19 of 34

20 Topic 5: Layer 2: Address Resolution Protocol Exploitation Activity: Try This! Consider an example of a network with an attacker and two hosts, as shown here in Diagram A and Diagram B. After the attacker s host sends a fake Gratuitous ARP to Host A in Diagram A, and Step 1 and Step 2 are completed in Diagram B, which of the following options would correctly reflect the values in the switch s MAC table? Assume that the MAC table is initially empty. Diagram A Diagram B UMUC 2012 Page 20 of 34

21 a. MAC Address Interface 1. AAAA Fa 0/1 2. BBBB Fa 0/2 b. MAC Address Interface 1. BBBB Fa 0/2 2. AAAA Fa 0/1 c. MAC Address Interface 1. BBBB Fa 0/2 2. CCCC Fa 0/3 Correct answer: Option b Feedback: The source MAC address of the Gratuitous ARP frame sent to Host A is BBBB. This frame originates from the attacker s host and is forwarded to switch port Fa0/2. Therefore, the first line in the MAC table is filled with BBBB as the MAC address and Fa0/2 as the interface. When Host A sends an IP packet intended for Host C (Step1 in Diagram B), the source MAC address of the frame is AAAA and that frame is sent to switch port Fa 0/1. As a result, the second line of the MAC table contains AAAA as the MAC address and Fa 0/1 as the interface. UMUC 2012 Page 21 of 34

22 Topic 6: Layer 3: Router Vulnerabilities Router Attacks and Vulnerabilities A router is a network device that routes IP packets across computer networks. Since a router deals with IP packets, it is a Layer 3 device. When a packet arrives at a router, the router inspects the IP header of the packet. Based on the destination and source IP addresses, the router decides to which network device it will forward the packet. Routers are prone to various types of attacks. Routing Table Modification Routing table modification, also known as a rerouting attack, is a common vulnerability unique to routers. This attack involves manipulating router updates to route traffic to unwanted destinations. Other Common Attacks Other common router attacks include: Accessing and exploiting vulnerabilities: An attacker may exploit known vulnerabilities in running services such as Hypertext Transfer Protocol (HTTP), Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP), or through brute force password guessing. An attacker may also attempt to exploit known vulnerabilities in the router s operating software or protocols. Launching denial of service (DoS) attacks: An attacker may perform various types of DoS attacks. UMUC 2012 Page 22 of 34

23 Topic 6: Layer 3: Router Vulnerabilities Routing Table Modification Routers exchange information with each other to build their own routing tables. Attackers use this act of exchanging information as an opportunity to destabilize or damage networks. Introduction Dynamic routing protocols such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP) help determine the path of a packet through a network without having to manually configure it. Routers build routing tables by exchanging routing information with each other. When a packet arrives at a router, it routes the packet based on this table. Attackers try to inject bogus entries into routing tables in an attempt to compromise network stability. If a routing table is inaccurate, packets could end up being dropped as they are routed to invalid destinations. This significantly decreases the stability of the network. Example: Routing Table Modification As seen in this diagram, if a router uses the RIP version 1 routing protocol that does not implement authentication or is not correctly configured, an attacker can send false routing update packets to contaminate the routing table. Without security measures in place, routers send routing updates in clear text. This enables an attacker to masquerade as a trusted neighbor, send a bogus routing update, and pollute the routing table. UMUC 2012 Page 23 of 34

24 Topic 6: Layer 3: Router Vulnerabilities Preventing Routing Table Modification Introduction Network administrators can use routing protocols with authentication to prevent attacks based on unauthorized routing changes. Authenticated router updates ensure that the update messages come from a legitimate source. The most commonly used form of authentication for routing protocol updates is MD5 authentication. This method is used to detect any unauthorized or false routing messages from unknown sources. All dynamic routing protocols except RIP version 1 implement MD5 authentication. Step 1 Router A uses its routing update along with the preshared key as an input to the hash function. Then the hash function produces a keyed hash. Step 2 Router A sends Router B a packet containing the keyed hash along with the routing update. Note that the routing update is clear text. UMUC 2012 Page 24 of 34

25 Step 3 Router B uses the routing update from Router A as an input to the hash function and obtains a keyed hash from the hash function. Step 4 Router B compares the keyed hash it generated on the routing update, using the preshared key, with the keyed hash received from Router A. If the two hash values match, Router B knows two things for certain: The routing update has originated from Router A (authentication). The routing update has not been modified in transit (integrity). UMUC 2012 Page 25 of 34

26 Topic 6: Layer 3: Router Vulnerabilities Activity: Routing Updates and MD5 Authentication Introduction Consider an example of a network that contains two routers: Router A and Router B. Both routers are running the dynamic routing protocol RIP version 2. Network Path Analysis The diagram shows the routing table of Router B. As seen in the diagram, the dynamic routing protocol RIP version 2 is currently running on both routers. RIP version 2 is an enhanced version of the RIP version 1 routing protocol. As is the case with any dynamic routing protocol, a router needs to send and receive routing updates to and from its neighboring routers to build a routing table. Routing Table Analysis A routing table contains multiple rows. Each row contains at least two fields: a destination address and the name of the interface where the IP packet should be routed, or the IP address of another router that will carry the IP packet on its next step through the network. For example, consider the routing table of Router B. We can interpret the line starting with R in the routing table as to reach the destination network , which is a network behind Router A, a packet must be forwarded to the interface of Router A. To build a routing table, routers must exchange their routing information with their neighboring routers. In this example, Router A has only one network, /24, attached to itself. Therefore, when Router A sends its routing update to Router B, this network address, /24, must be included in the update payload. In addition, when RIP version 2 is configured to support MD5 authentication, a keyed hash (also called keyed message digest) is also included in Router A s routing update, along with the routing update payload, which is clear text. UMUC 2012 Page 26 of 34

27 Reference: Cain & Abel product screenshot reprinted with permission from Massimiliano Montoro, the developer of Cain & Abel. UMUC 2012 Page 27 of 34

28 Workspace Screenshot A Reference: Wireshark product screenshot reprinted with permission from the Wireshark Foundation. Screenshot B Reference: Wireshark product screenshot reprinted with permission from the Wireshark Foundation. UMUC 2012 Page 28 of 34

29 Question 1: Which of these screenshots shows an MD5 authenticated routing update sent by Router A? a. Screenshot A b. Screenshot B Correct answer: Option b Feedback: The routing update in Screenshot B has an Authentication: Keyed Message Digest field. This clearly indicates that this update is sent by Router A, which supports MD5 authentication. Question 2: The keyed hash or message digest value used in the routing update is 54 ee c9 71 a1 dbea 33 ba fb 2b af 20 8a. a. True b. False Correct answer: Option a Feedback: The keyed hash or message digest value used in the routing update is54 ee c9 71 a1 dbea 33 ba fb 2b af 20 8a.In Screenshot B, you can see the Authentication: Keyed Message Digest field. In this authentication field, you can easily observe a long numerical hash value 54 ee c9 71 a1 dbea 33 ba fb 2b af 20 8a. This hash value is included in the Authentication Data Trailer field within the Authentication: Keyed Message Digest field. Review Step 1 Once again, consider the example of Router A and Router B, both of which are running RIP version 2. A keyed MD5 hash can also be cracked easily if a system administrator uses a simple password or preshared key to generate the keyed hash. To illustrate the point, assume that the password "flower" was used when configuring routers A and B for MD5 authentication. Also, assume that a packet sniffer, Cain & Abel, is being used to sniff out a routing update originating from Router A. UMUC 2012 Page 29 of 34

30 Step 2 In sniffing mode, Cain & Abel sniffs routing updates and produces an output as shown in this screenshot. The fields shown include Router, Version, Auth Type, and Last Hash. The Router field contains two IP addresses: and , which belong to routers A and B respectively, as shown previously in the network diagram. A value of 2 in the Version field indicates that RIP version 2 is running on both routers. The value MD5 in the Auth Type field implies that MD5 authentication is being used for keyed hashing. Finally, the Last Hash field shows the actual hash value being used. Reference: Cain & Abel product screenshot reprinted with permission from Massimiliano Montoro, the developer of Cain & Abel. UMUC 2012 Page 30 of 34

31 Step 3 Cain & Abel is first used in sniffing mode and then as a password-cracking tool. Applying a dictionary attack, the intruder can easily identify the password flower. Reference: Cain & Abel product screenshot reprinted with permission from Massimiliano Montoro, the developer of Cain & Abel. Further Challenges Measure the performance degradation or average delay time caused by the MD5 authenticated routing update with respect to EIGRP, RIP version 2, and OSPF routing protocols. Which routing protocol will suffer most from the performance degradation as the number of routers participating in routing updates increases? UMUC 2012 Page 31 of 34

32 Topic 7: Summary We have come to the end of Module 3. The key concepts covered in this module are listed below. Ethernet is a group of Layer 2 protocols for local area network (LANs). IEEE Ethernet is the most predominant LAN standard. Layer 3 devices, such as routers, route packets based on the source and destination IP addresses. Layer 2 devices, such as switches, route an Ethernet frame based on the source and destination MAC addresses. In a MAC flooding attack, the attacker creates a permanently full MAC table that forces the switch to flood all traffic on all active ports. For a MAC spoofing attack, the attacker first needs to find the MAC address of a victim host by launching a MAC flooding attack on a LAN. The attacker can then generate a fake frame by putting the victim s MAC address in the source field of the fake frame. The switch receives the fake frame from the attacker s host and updates its MAC table accordingly. Address Resolution Protocol (ARP) is a protocol used to find the MAC address of a host, given that its IP address is known. The goal of an ARP spoofing attack is to enable the attacker to sniff out all IP packets sent to the target host. A router routes IP packets across computer networks. Routing table modification, also known as a rerouting attack, is a common vulnerability unique to routers. This attack involves manipulating router updates to route traffic to unwanted destinations. The most commonly used form of authentication for routing protocol updates is MD5 authentication. This form of authentication is used to detect any unauthorized or false routing messages from unknown sources. All dynamic routing protocols except RIP version 1 implement MD5 authentication. UMUC 2012 Page 32 of 34

33 Glossary Term Address Resolution Protocol (ARP) ARP Spoofing Attack Content Addressable Memory (CAM) Table Denial of Service (DoS) Dynamic Host Configuration Protocol (DHCP) Domain Name System (DNS) Enhanced Interior Gateway Routing Protocol (EIGRP) Ethernet Ettercap Hypertext Transfer Protocol (HTTP) Media Access Control (MAC) Address MAC Flooding Attack MACOF Definition Address Resolution Protocol (ARP) is a protocol used to find the MAC address of a host when the IP address of the host is known. An ARP spoofing attack is also known as ARP poisoning. The goal of such an attack is to enable the attacker to sniff out all IP packets sent to the target host. A switch relies on a forwarding table to forward a frame to a destination MAC address. The forwarding table is called a MAC address table or a content addressable memory (CAM) table. DoS attacks flood a target site with large volumes of traffic using zombie servers. This flood of traffic consumes all of the target site s network or system resources and denies access to legitimate users. DHCP enables servers to distribute Internet Protocol (IP) addresses and configuration data to clients in a network. The DNS translates Internet domain names such as into Internet Protocol (IP) addresses. EIGRP is an interior gateway protocol that enables efficient exchange of routing updates between routers. Ethernet is a group of Layer 2 protocols for local area network (LANs). IEEE Ethernet is the most predominant LAN standard. Usually, the term Ethernet is used to signify IEEE Ettercap is a network tool for carrying out man-in-the-middle attacks on a LAN. HTTP transmits Web pages to clients. A network interface card (NIC) has a unique address called a Media Access Control (MAC) address. MAC addresses are 48-bit long unique identifiers written into hardware devices by their manufacturers. These addresses are expressed as 12 hexadecimal digits and used by most Layer 2 technologies including Ethernet. In a MAC flooding attack, the attacker creates a permanently full MAC table that forces the switch to flood all traffic on all active ports. MACOF is a tool that can generate random MAC addresses to overload the switch of a network and access data passing through the switch. UMUC 2012 Page 33 of 34

34 Term MAC Spoofing Attack MD5 Authentication Network Interface Card (NIC) Open Shortest Path First (OSPF) Port Security Routing Information Protocol (RIP) Routing Table Modification Definition In a MAC spoofing attack, the attacker first finds the MAC address of a victim host by launching a MAC flooding attack on a LAN. The attacker can then generate a fake frame by putting the victim s MAC address in the source field of the fake frame. The switch receives the fake frame from the attacker s host and updates its MAC table accordingly. The most commonly used form of authentication for routing protocol updates is MD5 authentication. This form of authentication is used to detect any unauthorized or false routing messages from unknown sources. All dynamic routing protocols except RIP version 1 implement MD5 authentication. A network interface card is a piece of hardware that is used to connect a computer to a network. OSPF is a dynamic routing protocol that enables routers to share routes with other routers. Port security ties a given MAC address to a port by preventing any MAC addresses other than the preconfigured ones from showing up on a secure port. RIP is a dynamic routing protocol used by local area homogenous networks to ensure that all hosts in the network share the same routing path data. Routing table modification, also known as a rerouting attack, is a common vulnerability unique to routers. This attack involves manipulating router updates to route traffic to unwanted destinations. Unicast Flood Protection The unicast flood protection feature allows a system administrator to set a limit on the number of unicast floods. When flood protection detects unknown unicast floods exceeding the predefined limit, it sends an alert and shuts down the port that is generating the floods. Yersinia Yersinia is a network tool designed to exploit weaknesses in LAN-based network protocols. UMUC 2012 Page 34 of 34

Packet Sniffing on Layer 2 Switched Local Area Networks

Packet Sniffing on Layer 2 Switched Local Area Networks Packet Sniffing on Layer 2 Switched Local Area Networks Ryan Spangler ryan@packetwatch.net Packetwatch Research http://www.packetwatch.net December 2003 Abstract Packet sniffing is a technique of monitoring

More information

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

Network Security. Topology. Spring 2014. This is the logical topology of the network environment used for testing.

Network Security. Topology. Spring 2014. This is the logical topology of the network environment used for testing. Course: 1DV447 Advanced LAN Technologies Network Security Spring 2014 Topology This is the logical topology of the network environment used for testing. 1/ Introduction The area i want to focus on is network

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

Lab Exercise Ethernet

Lab Exercise Ethernet Lab Exercise Ethernet Objective To explore the details of Ethernet frames. Ethernet is a popular link layer protocol. Modern computers connect to Ethernet switches rather than use classic Ethernet. The

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Cisco Configuring Commonly Used IP ACLs

Cisco Configuring Commonly Used IP ACLs Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

The Trivial Cisco IP Phones Compromise

The Trivial Cisco IP Phones Compromise Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002

More information

Lab - Using Wireshark to Observe the TCP 3-Way Handshake

Lab - Using Wireshark to Observe the TCP 3-Way Handshake Topology Objectives Part 1: Prepare Wireshark to Capture Packets Select an appropriate NIC interface to capture packets. Part 2: Capture, Locate, and Examine Packets Capture a web session to www.google.com.

More information

Securing end devices

Securing end devices Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security

More information

A Research Study on Packet Sniffing Tool TCPDUMP

A Research Study on Packet Sniffing Tool TCPDUMP A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this

More information

Layer 3 Routing User s Manual

Layer 3 Routing User s Manual User s Manual Second Edition, July 2011 www.moxa.com/product 2011 Moxa Inc. All rights reserved. User s Manual The software described in this manual is furnished under a license agreement and may be used

More information

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able

More information

Tools for Attacking Layer 2 Network Infrastructure

Tools for Attacking Layer 2 Network Infrastructure Tools for Attacking Layer 2 Network Infrastructure Kai-Hau Yeung, Dereck Fung, and Kin-Yeung Wong Abstract Data Link layer is considered as the weakest link in a secured network. If an initial attack comes

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

Computer Networks I Laboratory Exercise 1

Computer Networks I Laboratory Exercise 1 Computer Networks I Laboratory Exercise 1 The lab is divided into two parts where the first part is a basic PC network TCP/IP configuration and connection to the Internet. The second part is building a

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

co Characterizing and Tracing Packet Floods Using Cisco R

co Characterizing and Tracing Packet Floods Using Cisco R co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

Building Secure Network Infrastructure For LANs

Building Secure Network Infrastructure For LANs Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives

More information

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same. This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the

More information

Protecting and controlling Virtual LANs by Linux router-firewall

Protecting and controlling Virtual LANs by Linux router-firewall Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia

More information

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example Document ID: 91672 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information

More information

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made

More information

Unit 4. Address Resolution. Overview. Description. Unit Table of Contents

Unit 4. Address Resolution. Overview. Description. Unit Table of Contents Unit 4 Address Resolution Overview Description IP addresses are assigned to hosts and are logically independent of their physical address. The network-layer software must depend on the data link layer

More information

Wireless Security: Secure and Public Networks Kory Kirk

Wireless Security: Secure and Public Networks Kory Kirk Wireless Security: Secure and Public Networks Kory Kirk Villanova University Computer Science kory.kirk@villanova.edu www.korykirk.com/ Abstract Due to the increasing amount of wireless access points that

More information

UPPER LAYER SWITCHING

UPPER LAYER SWITCHING 52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

CCNA Exploration: Accessing the WAN Chapter 7 Case Study

CCNA Exploration: Accessing the WAN Chapter 7 Case Study Objectives: Mitigate attacks based on DHCP rogue servers. Intro: ChurchBells Inc. is having connectivity issues and needs your help. The Scenario: According to the reports, some user PCs within the company

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

Zarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)

Zarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób) QUESTION NO: 8 David, your TestKing trainee, asks you about basic characteristics of switches and hubs for network connectivity. What should you tell him? A. Switches take less time to process frames than

More information

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS 1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract

More information

WiFi Security Assessments

WiFi Security Assessments WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents

More information

- Hubs vs. Switches vs. Routers -

- Hubs vs. Switches vs. Routers - 1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing

More information

Networking Semester 1 Final After Study Guide

Networking Semester 1 Final After Study Guide Networking Semester 1 Final After Study Guide The following have been found to be answered wrong by a majority of the class. The drag & drop questions are not partial credit questions. 1. Where do switches

More information

Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers

Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers Mathurshan Vimalesvaran Tufts University Abstract Packets are the base of all data sent on the internet, yet they are

More information

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper Details: Introduction When computers in a private network connect to the Internet, they physically

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Packet Sniffer Detection with AntiSniff

Packet Sniffer Detection with AntiSniff Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.

More information

Security of IPv6 and DNSSEC for penetration testers

Security of IPv6 and DNSSEC for penetration testers Security of IPv6 and DNSSEC for penetration testers Vesselin Hadjitodorov Master education System and Network Engineering June 30, 2011 Agenda Introduction DNSSEC security IPv6 security Conclusion Questions

More information

Network Basics GRAPHISOFT. for connecting to a BIM Server. 2009 (version 1.0)

Network Basics GRAPHISOFT. for connecting to a BIM Server. 2009 (version 1.0) for connecting to a BIM Server GRAPHISOFT 2009 (version 1.0) Basic Vocabulary...3 Local Area Networks...5 Examples of Local Area Networks...5 Example 1: LAN of two computers without any other network devices...5

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

CCT vs. CCENT Skill Set Comparison

CCT vs. CCENT Skill Set Comparison Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification

More information

ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Techniques

ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Techniques Layer 2 Attacks and Mitigation Techniques for the Cisco Catalyst 6500 Series Switches Running Cisco IOS Software ARP Poisoning (Man-in-the-Middle) Attack and Mitigation Techniques A CSSTG SE Residency

More information

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

SY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example Document ID: 69632 Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin

Exploiting First Hop Protocols to Own the Network. Rocket City TakeDownCon 2015. Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin Exploiting First Hop Protocols to Own the Network Rocket City TakeDownCon 2015 Paul Coggin Senior Principal Cyber Security Analyst @PaulCoggin www.dynetics.com V## Goes Here 1 OSI and TCP/IP Model OSI

More information

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) 192.168.0.2 /24

During your session you will have access to the following lab configuration. CLIENT1 (Windows XP Workstation) 192.168.0.2 /24 Introduction The Network Vulnerabilities module provides you with the instruction and Server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:

More information

Security Considerations in IP Telephony Network Configuration

Security Considerations in IP Telephony Network Configuration Security Considerations in IP Telephony Network Configuration Abstract This Technical Report deals with fundamental security settings in networks to provide secure VoIP services. Example configurations

More information

Introduction on Low level Network tools

Introduction on Low level Network tools Georges Da Costa dacosta@irit.fr http: //www.irit.fr/~georges.da-costa/cours/addis/ 1 Introduction 2 Aircrack-ng 3 Wireshark Low level tools Hacking tools Aircrack-ng (ex Aircrack, ex Airsnort) WEP/WPA

More information

Abstract. Introduction. Section I. What is Denial of Service Attack?

Abstract. Introduction. Section I. What is Denial of Service Attack? Abstract In this report, I am describing the main types of DoS attacks and their effect on computer and network environment. This report will form the basis of my forthcoming report which will discuss

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs CompTIA Network+ N10 005 Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs Domain 1.0: Network Concepts 1.1 Compare the layers of the OSI and TCP/IP Models TCP/IP Model Layer Matching

More information

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above CCNA1 V3.0 Mod 10 (Ch 8) 1. How many bits are in an IP C. 64 2. What is the maximum value of each octet in an IP A. 28 55 C. 256 3. The network number plays what part in an IP A. It specifies the network

More information

Sniffing in a Switched Network

Sniffing in a Switched Network Sniffing in a Switched Network -With A Recipe To Hack A Switch Using Ettercap and Ethereal -Manu Garg manugarg at gmail dot com Problem Statement- To gain access to main switch of your company using a

More information

Lab - Using IOS CLI with Switch MAC Address Tables

Lab - Using IOS CLI with Switch MAC Address Tables Topology Addressing Table Objectives Device Interface IP Address Subnet Mask Default Gateway R1 G0/1 192.168.1.1 255.255.255.0 N/A S1 VLAN 1 192.168.1.11 255.255.255.0 192.168.1.1 S2 VLAN 1 192.168.1.12

More information

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) 100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.

More information

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer

More information

Network Protocol Configuration

Network Protocol Configuration Table of Contents Table of Contents Chapter 1 Configuring IP Addressing... 1 1.1 IP Introduction... 1 1.1.1 IP... 1 1.1.2 IP Routing Protocol... 1 1.2 Configuring IP Address Task List... 2 1.3 Configuring

More information

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15 Cain & Abel v 2.5 Password Cracking Via ARP Cache Poisoning Attacks v.1 2004 Page 1 of 15 Objective: At the end of this lab students will be able to use the password auditing and ARP Poison Routing (APR)

More information

Information Security Training. Assignment 1 Networking

Information Security Training. Assignment 1 Networking Information Security Training Assignment 1 Networking By Justin C. Klein Keane September 28, 2012 Assignment 1 For this assignment you will utilize several networking utilities

More information

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

Exhibit n.2: The layers of a hierarchical network

Exhibit n.2: The layers of a hierarchical network 3. Advanced Secure Network Design 3.1 Introduction You already know that routers are probably the most critical equipment piece in today s networking. Without routers, internetwork communication would

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Link Layer and Network Layer Security for Wireless Networks

Link Layer and Network Layer Security for Wireless Networks Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.

More information

Implementing Secure Converged Wide Area Networks (ISCW)

Implementing Secure Converged Wide Area Networks (ISCW) Implementing Secure Converged Wide Area Networks (ISCW) 1 Mitigating Threats and Attacks with Access Lists Lesson 7 Module 5 Cisco Device Hardening 2 Module Introduction The open nature of the Internet

More information

Layer 3 Routing User s Manual (UI 2.0)

Layer 3 Routing User s Manual (UI 2.0) Layer 3 Routing User s Manual (UI 2.0) Second Edition, June 2015 www.moxa.com/product Models covered by this manual: IKS-G6824A, ICS-G7826A, ICS-G7828A, ICS-G7848A, ICS-G7850A, ICS-G7852A Series 2015 Moxa

More information

ACHILLES CERTIFICATION. SIS Module SLS 1508

ACHILLES CERTIFICATION. SIS Module SLS 1508 ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security

More information

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0 Module 1: Vulnerabilities, Threats, and Attacks 1.1 Introduction to Network Security

More information

SSVP SIP School VoIP Professional Certification

SSVP SIP School VoIP Professional Certification SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover

More information

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE EXECUTIVE SUMMARY Enterprise network managers are being forced to do more with less. Their networks are growing in size and complexity. They need

More information

Brocade NetIron Denial of Service Prevention

Brocade NetIron Denial of Service Prevention White Paper Brocade NetIron Denial of Service Prevention This white paper documents the best practices for Denial of Service Attack Prevention on Brocade NetIron platforms. Table of Contents Brocade NetIron

More information

The Internet software layers

The Internet software layers The Internet software layers SMTP, Telnet, FTP, POP3, IMAP TCP, UDP IP: RIP, BGP, OSPF Ethernet, Wireless LAN, Token Ring Twisted pair, coaxial, microwave, optical fiber Ethernet 1973 Xerox s researcher

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

IPv6 Security Analysis

IPv6 Security Analysis CENTER FOR CONVERGENCE AND EMERGING NETWORK TECHNOLOGIES CCENT School of Information Studies Syracuse University IPv6 Security Analysis TECHNICAL REPORT: T.R. 2014-002 Authored by: Jose Gonzalo Bejar (revised

More information

Configuring the Transparent or Routed Firewall

Configuring the Transparent or Routed Firewall 5 CHAPTER This chapter describes how to set the firewall mode to routed or transparent, as well as how the firewall works in each firewall mode. This chapter also includes information about customizing

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols Auxiliary Protocols IP serves only for sending packets with well-known addresses. Some questions however remain open, which are handled by auxiliary protocols: Address Resolution Protocol (ARP) Reverse

More information

INTRUDER DETECTION MONITORING APPLICATION USING SNMP PROTOCOL

INTRUDER DETECTION MONITORING APPLICATION USING SNMP PROTOCOL 8-02 Intruder Detection Monitoring Application Using Snmp Protocol INRUDER DEECION MONIORING APPLICAION USING SNMP PROOCOL Vicky Hanggara 1, ransiscus Ati Halim 2, Arnold Aribowo 3 1,2,3 Computer System

More information

GCSE Computing A451 Unit 6.1 Networks

GCSE Computing A451 Unit 6.1 Networks Candidates should be able to: a. Explain the advantages of networking stand-alone computers into a LAN b. Describe H/W needed to connect stand-alone computers into a LAN, including hub/switches, wireless

More information

Threat Events: Software Attacks (cont.)

Threat Events: Software Attacks (cont.) ROOTKIT stealthy software with root/administrator privileges aims to modify the operation of the OS in order to facilitate a nonstandard or unauthorized functions unlike virus, rootkit s goal is not to

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Network Security: Workshop

Network Security: Workshop Network Security: Workshop Protocol Analyzer Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network decodes,, or dissects,,

More information

LANs and VLANs A Simplified Tutorial

LANs and VLANs A Simplified Tutorial Application Note LANs and VLANs A Simplified Tutorial Version 3.0 May 2002 COMPAS ID 90947 Avaya Labs 1 Companion document IP Addressing: A Simplified Tutorial COMPAS ID 92962 2 Introduction As the name

More information

VXLAN: Scaling Data Center Capacity. White Paper

VXLAN: Scaling Data Center Capacity. White Paper VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where

More information