The core of the network: a full understanding of switch vulnerabilities

Source: Internet
Author: User
Keywords: Core
An IDC report shows that the switch market has maintained strong growth in recent years, and the market is expected to reach $1.51 billion by 2009. The switch occupies an important position in the enterprise network and is usually the core of the entire network. This position makes it a focus for intruders and a place where viruses spread, so to protect their networks, enterprises need a full understanding of switch vulnerabilities on the local area network. The following are five ways to exploit switch vulnerabilities.

VLAN hopping attack

A virtual local area network (VLAN) is a method of segmenting a broadcast domain. VLANs are also often used to provide additional security for the network, because computers on one VLAN cannot talk to users on another VLAN without explicit access. However, the VLAN by itself is not enough to protect the environment: through a VLAN hopping attack, a malicious hacker can jump from one VLAN to another even without authorization.

VLAN hopping attacks rely on the Dynamic Trunking Protocol (DTP). If two switches are interconnected, DTP can negotiate between them to determine whether they should form an 802.1Q trunk; the negotiation is done by checking the configuration state of the ports.

VLAN hopping attacks take full advantage of DTP. In a VLAN hopping attack, the hacker has a computer pose as another switch and send false DTP negotiation messages announcing that it wants to become a trunk. When the real switch receives this DTP message, it concludes that it should enable 802.1Q trunking, and once trunking is enabled, the traffic of all VLANs is sent to the hacker's computer. Figure 1 illustrates this process.

After the trunk is established, the hacker can continue to probe the traffic, and can also specify which VLAN to send attack traffic to by adding 802.1Q information to the frame.
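The defensive counterpart of the DTP behaviour described above is to find ports that would still negotiate a trunk. The audit below is an added example, not part of the original article; it assumes Cisco IOS-style configuration syntax (the article names no vendor), that every listed interface is a layer-2 switch port, and a constructed sample configuration.

```python
import re

# Constructed sample in IOS-style syntax (assumption: the article names no vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description user desk
 switchport mode access
 switchport nonegotiate
interface GigabitEthernet0/2
 description meeting room
 switchport mode dynamic desirable
interface GigabitEthernet0/3
 description printer
interface GigabitEthernet0/24
 description uplink to distribution
 switchport mode trunk
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None          # left the interface stanza
    return interfaces

def audit_dtp(config):
    """Flag ports that can still take part in DTP trunk negotiation."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        mode = next((c.split("switchport mode ", 1)[1] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode is None:
            findings[name] = "no explicit mode: platform default may be dynamic"
        elif mode.startswith("dynamic"):
            findings[name] = f"mode '{mode}' accepts DTP negotiation"
        elif mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings[name] = "static trunk still sends DTP frames"
    return findings

if __name__ == "__main__":
    for port, why in audit_dtp(SAMPLE_CONFIG).items():
        print(port, "->", why)
```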
Spanning tree attack

The Spanning Tree Protocol (STP) prevents loops from forming in redundant switched environments. If the network has a loop, it becomes congested, resulting in broadcast storms and MAC table inconsistencies, and eventually the network crashes.

All switches that use STP share information through Bridge Protocol Data Units (BPDUs), which are sent every two seconds. When a switch sends a BPDU, it contains a label named the bridge ID, which combines a configurable priority (the default value is 32768) and the base MAC address of the switch. Switches send and receive these BPDUs to determine which switch has the lowest bridge ID, and the switch with the lowest bridge ID becomes the root bridge.

The root bridge is like a community grocery store in a small town: every town needs a grocery store, and every citizen needs to determine the best route to it. Routes that are longer than the best route are not used unless the main route is blocked.

The root bridge works in much the same way. Each of the other switches determines the best route back to the root bridge based on cost, which is based on the value assigned to the bandwidth. Any other routes are set to blocking mode and are used only when they would not form a loop (for example, if there is a problem with the main route).

A malicious hacker can exploit STP to launch a denial of service (DoS) attack. If a malicious hacker connects a computer to more than one switch and then sends a well-crafted BPDU with a low bridge ID, the computer can deceive the switches into thinking it is the root bridge, which causes STP to reconverge, creating loops that crash the network.
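The election rule above (lowest bridge ID wins, priority first and base MAC as tie-breaker) also gives the defender a simple check: no BPDU should arrive on a host-facing port, and no unplanned BPDU should beat the known root. The sketch below is an added example, not part of the original article; the port names, the list of edge ports, the current root and the observed BPDUs are all constructed.

```python
def bridge_id(priority, mac):
    """Comparable bridge ID: priority first, then base MAC as the tie-breaker."""
    return (priority, int(mac.replace(":", ""), 16))

# Constructed inventory: the elected root and the host-facing (edge) ports.
CURRENT_ROOT = bridge_id(4096, "00:1a:2b:00:00:10")
EDGE_PORTS = {"Gi0/5", "Gi0/6"}

# Constructed BPDU observations: (receiving port, root bridge ID claimed).
OBSERVED = [
    ("Gi0/24", bridge_id(4096, "00:1a:2b:00:00:10")),   # uplink repeating the real root
    ("Gi0/5",  bridge_id(0, "02:00:00:00:00:99")),      # host port claiming priority 0
    ("Gi0/23", bridge_id(4096, "00:1a:2b:00:00:01")),   # same priority, lower MAC
    ("Gi0/6",  bridge_id(32768, "02:00:00:00:00:42")),  # host port, default priority
]

def review_bpdus(current_root, edge_ports, observed):
    """Return (port, port type, finding) for every BPDU that needs attention."""
    alerts = []
    for port, claimed_root in observed:
        superior = claimed_root < current_root   # lower bridge ID wins the election
        if port in edge_ports:
            # End hosts have no reason to speak STP, so any BPDU here is suspect.
            detail = "superior root claim" if superior else "unexpected BPDU"
            alerts.append((port, "edge", detail))
        elif superior:
            # Would force a re-election; acceptable only as a planned change.
            alerts.append((port, "inter-switch", "superior root claim"))
    return alerts

if __name__ == "__main__":
    for alert in review_bpdus(CURRENT_ROOT, EDGE_PORTS, OBSERVED):
        print(alert)
```

Switch features commonly named BPDU guard and root guard enforce these two conditions on the port itself; the script shows the comparison they rely on.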
MAC table flooding attack

A switch works by recording the source MAC address when a frame enters the switch and associating that MAC address with the port the frame entered on, so that later traffic for that MAC address is sent only through that port. This improves bandwidth utilization because traffic does not need to be sent out of all ports, only out of the ports that need to receive it.

MAC addresses are stored in content addressable memory (CAM), a 128K-sized reserved memory designed to store MAC addresses for quick lookup. If a malicious hacker sends a large number of packets to the CAM, the switch starts sending large amounts of traffic out everywhere, which creates a hidden danger and can even crash the switch in a denial-of-service attack.

ARP attack

ARP (Address Resolution Protocol) spoofing is a common tactic used in session hijacking attacks. ARP maps layer 3 logical IP addresses to layer 2 physical MAC addresses; a device sends an ARP request if it knows the IP address but not the MAC address of the host it wants to reach. ARP requests are usually sent as broadcasts so that all hosts can receive them.

A malicious hacker can send a spoofed ARP reply to obtain the traffic sent to another host. Figure 2 shows an ARP spoofing process in which an ARP request is sent as a broadcast frame to obtain a legitimate user's MAC address. Assume that the hacker Jimmy is also on the network and is trying to get the traffic sent to this legitimate user. Jimmy spoofs the ARP reply, claiming that he is the owner of the IP address 10.0.0.55 (MAC address 05-1c-32-00-a1-99). The legitimate user also replies with the same MAC address. As a result, the switch has two ports associated with this MAC address in its MAC table, and all frames sent to this MAC address are sent to both the legitimate user and the hacker Jimmy.
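Both conditions in the two sections above leave a trace a monitor can look for: one port sourcing far more MAC addresses than a host-facing port should, and the same IP address being claimed in ARP replies from more than one port. The detector below is an added example, not part of the original article; the port names, the per-port limit and every frame are constructed, except the IP and MAC address taken from the article's Jimmy scenario.

```python
from collections import defaultdict

MAX_MACS_PER_PORT = 8   # hypothetical limit for a host-facing port

def build_sample():
    """Constructed observations: (port, source MAC, IP claimed in an ARP reply or None)."""
    frames = [
        ("Gi0/1", "00-11-22-33-44-55", "10.0.0.10"),
        ("Gi0/2", "05-1c-32-00-a1-99", "10.0.0.55"),   # legitimate user's reply
        ("Gi0/7", "05-1c-32-00-a1-99", "10.0.0.55"),   # same claim from a second port
    ]
    # One port sourcing 300 distinct MAC addresses: the CAM-filling pattern.
    frames += [("Gi0/9", f"02-00-00-00-{i >> 8:02x}-{i & 0xff:02x}", None)
               for i in range(300)]
    return frames

def analyse(frames, max_macs=MAX_MACS_PER_PORT):
    """Return (ports over the MAC limit, IPs claimed by more than one port/MAC pair)."""
    macs_by_port = defaultdict(set)
    claims_by_ip = defaultdict(set)
    for port, mac, arp_ip in frames:
        mac = mac.lower()
        macs_by_port[port].add(mac)
        if arp_ip is not None:
            claims_by_ip[arp_ip].add((port, mac))
    flooding = {port: len(macs) for port, macs in macs_by_port.items()
                if len(macs) > max_macs}
    arp_conflicts = {ip: sorted(claims) for ip, claims in claims_by_ip.items()
                     if len(claims) > 1}
    return flooding, arp_conflicts

if __name__ == "__main__":
    flooding, arp_conflicts = analyse(build_sample())
    print("ports over MAC limit:", flooding)
    print("conflicting ARP claims:", arp_conflicts)
```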
VTP attack

The VLAN Trunk Protocol (VTP) is a management protocol that reduces the amount of configuration in a switched environment. Under VTP, a switch can be a VTP server, a VTP client, or a VTP transparent switch; this discussion focuses on VTP servers and VTP clients. Every time a user makes a configuration change on a switch working in VTP server mode, whether adding, modifying, or removing a VLAN, the VTP configuration revision number increases by 1. When a VTP client sees that the configuration revision number is greater than its current revision number, it knows to synchronize with the VTP server.

A malicious hacker can use VTP to remove all the VLANs on the network (except the default VLAN) so that he ends up on the same VLAN as every other user. However, the users may still be on different networks, so the hacker needs to change his IP address to get into the same network as the host he wants to attack.

A malicious hacker can take advantage of VTP by connecting to the switch and building a trunk between his own computer and the switch. The hacker can then send VTP messages with a configuration revision number higher than that of the current VTP server, which causes all switches to synchronize with the hacker's computer, removing all non-default VLANs from the VLAN database.

Responsible editor: Zhao, TEL: (010) 68476636-8001