یادگیری هک کلاه سفید و تست نفوذ به شبکه

تریبررسی دو سناریو در رابطه با اختالل در شبکه های کامپیو(DHCP SPOOFING & CAM TABLE OVERFLOW)

1

TABLE OF CONTENTS

• Introduction of CAM Table Overflow Attack

• Explain CAM Table Overflow Attack

• How to Defend!

2

• Introduction of DHCP Spoofing Attack

• Explain DHCP Spoofing Attack

• How to Defend!

CAM Table Overflow Attack DHCP Spoofing Attack

The Goal of This Seminar

THE GOAL OF THIS SEMINAR

• According to a study by the FBI, an estimated 70 percent of these network breaches

originate from within.

• Disorder in computer networks is not a big work . It is just abuse of some simple Rules.

3

CAM Table overflow Attack


4

500-50-56-C0-00-02

COM1

70-1A-04-FF-F1-67

COM2

Port 1 Port 2 Port 3 Port 4

CAM Table

00-50-56-

C0-00-02

? YES!!

70-1A-04-

FF-F1-67




6

700-50-56-C0-00-02

COM1

70-1A-04-FF-F1-67

COM2


CAM Table

00-50-56-

C0-00-02

70-1A-04-

FF-F1-67

28-50-56-

C0-00-02

43-50-56-

86-00-02

A3-00-56-

86-00-02

98-BC-56-

86-00-02

F3-64-56-

86-00-02




• How to Defend!

9

THE SOLUTION IS:

Port Security

10

1100-50-56-C0-00-02

COM1

70-1A-04-FF-F1-67

COM2


CAM Table

00-50-56-

C0-00-02

70-1A-04-

FF-F1-67

28-50-56-

C0-00-02

43-50-56-

86-00-02

Configure Port Security on all the ports of switch

DHCP Spoofing Attack


12

13MAC(COM1)

COM1

IP Address

Kinds of Communication in

Computer Networks

1.Unicast

2.Multicast

3.Broadcast

Source IP: 0.0.0.0

Destination IP: 255.255.255.255

Source MAC: MAC(COM1)

Destination MAC : FF-FF-FF-FF-FF-FF

UDP Connection

Destination Port: 67

DHCP Discover

DHCP Offer

DHCP Request

DHCPAcknowledgment

DHCP Server

MAC(DHCP)

IP:10.1.1.100

Source IP: 10.1.1.100

Destination IP: 255.255.255.255

Source MAC: MAC(DHCP)

Destination MAC : FF-FF-FF-FF-FF-FF

UDP Connection

Destination Port: 68

MAC Address Leased IP

MAC(COM1) 10.1.1.20




14

15MAC(COM1)

COM1

IP Address

DHCP Server

MAC(DHCP)

IP:10.1.1.100

I want an IP!This is your IP and if you

want to go to Internet use

this Gateway!

MAC1, MAC2 ,

MAC3 , MAC4

,…………………

……

Hey DHCP Server! I

have these MACs .

Give IP Addresses

for these IPs !!!

OK, Here You Are!OK, Here You Are!OK, Here You Are!OK, Here You Are!

.

.

.

.

NOW..I am DHCP Server

I Do not have anything!!!




• How to Defend!

16

THE SOLUTION IS:

DHCP Snooping

17

18MAC(COM1)

COM1

IP Address

DHCP Server

MAC(DHCP)

IP:10.1.1.100

DHCP Snooping Enabled Switch

DHCP Snooping says: “This

Port is allowed to be the

port of DHCP Server!”

NOW..I became myself

DHCP Server!!

No You can not!

because your port is

not trusted by switch!

CONCLUSION

Disorder in computer networks is not a big work .

It is just abuse of some simple Rules.

19

PAPERS & REPORT

20

PAPERS & REPORT

21

PAPERS & REPORT

22

REFERENCES

23

CCNA SecurityOfficial Exam Certification Guide

(Chapter 6 : Securing Layer 2 Devices)

24

با تشکر از همراهی شما دوستان عزیز

یادگیری هک کلاه سفید و تست نفوذ به شبکه

Software