Learning White-Hat Hacking and Network Penetration Testing
A Study of Two Scenarios of Disruption in Computer Networks (DHCP SPOOFING & CAM TABLE OVERFLOW)
TABLE OF CONTENTS
CAM Table Overflow Attack
• Introduction of CAM Table Overflow Attack
• Explain CAM Table Overflow Attack
• How to Defend!
DHCP Spoofing Attack
• Introduction of DHCP Spoofing Attack
• Explain DHCP Spoofing Attack
• How to Defend!
The Goal of This Seminar
THE GOAL OF THIS SEMINAR
• According to a study by the FBI, an estimated 70 percent of these network breaches originate from within.
• Disrupting a computer network is not a big job. It is just the abuse of some simple rules.
CAM Table overflow Attack
• Introduction of CAM Table Overflow Attack
Diagram: COM1 (00-50-56-C0-00-02) and COM2 (70-1A-04-FF-F1-67) connected to a switch with Port 1, Port 2, Port 3 and Port 4
CAM Table:
• 00-50-56-C0-00-02
• 70-1A-04-FF-F1-67
? YES!!
CAM Table overflow Attack
• Introduction of CAM Table Overflow Attack
• Explain CAM Table Overflow Attack
Diagram: COM1 (00-50-56-C0-00-02) and COM2 (70-1A-04-FF-F1-67) connected to a switch with Port 1, Port 2, Port 3 and Port 4
CAM Table:
• 00-50-56-C0-00-02
• 70-1A-04-FF-F1-67
• 28-50-56-C0-00-02
• 43-50-56-86-00-02
• A3-00-56-86-00-02
• 98-BC-56-86-00-02
• F3-64-56-86-00-02
CAM Table overflow Attack
• Introduction of CAM Table Overflow Attack
• Explain CAM Table Overflow Attack
• How to Defend!
THE SOLUTION IS:
Port Security
Diagram: COM1 (00-50-56-C0-00-02) and COM2 (70-1A-04-FF-F1-67) connected to a switch with Port 1, Port 2, Port 3 and Port 4
CAM Table:
• 00-50-56-C0-00-02
• 70-1A-04-FF-F1-67
• 28-50-56-C0-00-02
• 43-50-56-86-00-02
Configure Port Security on all ports of the switch
DHCP Spoofing Attack
• Introduction of DHCP Spoofing Attack
Kinds of Communication in Computer Networks
1. Unicast
2. Multicast
3. Broadcast
Diagram: COM1 (MAC(COM1)) needs an IP Address; DHCP Server (MAC(DHCP), IP: 10.1.1.100)
DHCP messages exchanged:
• DHCP Discover
• DHCP Offer
• DHCP Request
• DHCP Acknowledgment
Broadcast sent by COM1:
• Source IP: 0.0.0.0
• Destination IP: 255.255.255.255
• Source MAC: MAC(COM1)
• Destination MAC: FF-FF-FF-FF-FF-FF
• UDP Connection
• Destination Port: 67
Broadcast sent by the DHCP Server:
• Source IP: 10.1.1.100
• Destination IP: 255.255.255.255
• Source MAC: MAC(DHCP)
• Destination MAC: FF-FF-FF-FF-FF-FF
• UDP Connection
• Destination Port: 68
Lease table:
MAC Address    Leased IP
MAC(COM1)      10.1.1.20
DHCP Spoofing Attack
• Introduction of DHCP Spoofing Attack
• Explain DHCP Spoofing Attack
Diagram: COM1 (MAC(COM1), needs an IP Address), an attacking host and the DHCP Server (MAC(DHCP), IP: 10.1.1.100)
• Attacker: "MAC1, MAC2, MAC3, MAC4, …"
• Attacker: "Hey DHCP Server! I have these MACs. Give me IP addresses for them!!!"
• DHCP Server: "OK, here you are!" (repeated for each request)
• DHCP Server: "I do not have anything!!!"
• Attacker: "NOW.. I am the DHCP Server"
• COM1: "I want an IP!"
• Attacker: "This is your IP, and if you want to go to the Internet, use this Gateway!"
DHCP Spoofing Attack
• Introduction of DHCP Spoofing Attack
• Explain DHCP Spoofing Attack
• How to Defend!
THE SOLUTION IS:
DHCP Snooping
Diagram: COM1 (MAC(COM1), needs an IP Address), an attacking host and the DHCP Server (MAC(DHCP), IP: 10.1.1.100) connected to a DHCP Snooping Enabled Switch
• DHCP Snooping says: "This port is allowed to be the port of the DHCP Server!"
• Attacker: "NOW.. I have become the DHCP Server myself!!"
• Switch: "No, you cannot, because your port is not trusted by the switch!"
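The per-frame decision a DHCP Snooping switch makes, as a simplified model added here for illustration (not code from the slides or from any switch vendor). The port numbers, the AA-... MAC addresses, the 10.1.1.66 offer, and the two extra checks (client hardware address must match the source MAC, and a per-port client limit in the spirit of Port Security) are assumptions; COM1's MAC, the 10.1.1.20 lease and the trusted-port rule come from the slides.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}  # only a DHCP server should send these

@dataclass
class Frame:              # constructed, simplified view of one DHCP frame
    port: int             # switch port the frame arrived on
    src_mac: str          # Ethernet source address
    chaddr: str           # client hardware address in the DHCP payload
    msg: str              # DISCOVER, OFFER, REQUEST, ACK or NAK
    yiaddr: str = ""      # address handed to the client (server messages)

@dataclass
class SnoopingSwitch:     # hypothetical model, not a vendor implementation
    trusted: set                                  # ports allowed to face a DHCP server
    max_clients: int = 2                          # assumed per-port client limit
    bindings: dict = field(default_factory=dict)  # client MAC -> leased IP
    seen: dict = field(default_factory=dict)      # port -> client MACs seen

    def inspect(self, f: Frame) -> str:
        if f.msg in SERVER_MSGS:
            if f.port not in self.trusted:        # rogue server: stop it here
                return "drop: server message on untrusted port"
            if f.msg == "ACK":                    # learn the lease from the real server
                self.bindings[f.chaddr] = f.yiaddr
            return "forward"
        if f.port in self.trusted:
            return "forward"
        if f.src_mac != f.chaddr:                 # one host asking for many MACs
            return "drop: chaddr does not match source MAC"
        macs = self.seen.setdefault(f.port, set())
        if f.chaddr not in macs and len(macs) >= self.max_clients:
            return "drop: too many client MACs on port"
        macs.add(f.chaddr)
        return "forward"

def demo():
    sw = SnoopingSwitch(trusted={4})              # assumed: port 4 faces the DHCP Server
    com1, srv = "00-50-56-C0-00-02", "MAC(DHCP)"
    frames = [
        Frame(1, com1, com1, "DISCOVER"),
        Frame(4, srv, com1, "OFFER", "10.1.1.20"),
        Frame(1, com1, com1, "REQUEST"),
        Frame(4, srv, com1, "ACK", "10.1.1.20"),
        Frame(2, "AA-00-00-00-00-01", com1, "OFFER", "10.1.1.66"),       # rogue offer
        Frame(2, "AA-00-00-00-00-01", "AA-00-00-00-00-02", "DISCOVER"),  # forged chaddr
    ] + [Frame(2, m, m, "DISCOVER") for m in      # many spoofed MACs on one port
         ("AA-00-00-00-00-03", "AA-00-00-00-00-04", "AA-00-00-00-00-05")]
    return [sw.inspect(f) for f in frames], sw.bindings
```

`demo()` returns the verdict for each constructed frame together with the binding table the switch has learned.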
CONCLUSION
Disrupting a computer network is not a big job.
It is just the abuse of some simple rules.
PAPERS & REPORT
REFERENCES
CCNA Security Official Exam Certification Guide
(Chapter 6: Securing Layer 2 Devices)
Thank you, dear friends, for your attention