更新时间:2022-09-19 22:08:31
There are many ways for the attacker to insert themselves in the middle of a conversation. Just some of the tools at the attackers disposal include:
Some of these attacks work across the internet, but most of these are limited to the LAN and rely on Layer2. The good news is that many of these attacks can be mitigated with new features deployed in the latest version of Cisco's IOS (12.2 or better). BPDU Guard, DHCP Snooping, DHCP Snooping +Dynamic Arp Inspection , DHCP Snooping + IP Source Guard, ARP Rate Limiting, Mac Address port security, PVLAN Protected, Isolated, Community and Promiscuous ports and 802.1x can all be used to effectively limit many of these attacks. Listener Brian Almond (Infosec Samurai) submitted this PDF on layer two security. Give it a gander! Nice work Brian.
Download Brian Almond's paper here
Other resources
http://isc.sans.org/diary.html?storyid=7567
http://www.ciscopress.com/articles/article.asp?p=1181682
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dhcp.html
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/19ew/configuration/guide/dynarp.html
Mark Baggett is teaching SANS 504 in Raleigh NC June 21st! Click here for more information.