Q: How do I attack common network devices and defend against them?
A: This article discusses the attack methods and defense measures for hubs, switches, routers, and firewalls.
1. Hub
Working principle: A hub is a half-duplex device, and all of its ports share a single collision domain. The hub repeats each received packet to every port except the one it arrived on, and this is how the data reaches the target host.
Attack method: A host on any port of the hub can listen to all data from the other ports.
Defense method: This is an inherent flaw of the hub and cannot be defended against.
2. Switch
Working principle: The switch works at Layer 2 (the data link layer) of the OSI model and forwards packets based on its MAC address table. When a packet enters the switch from port X, the switch first adds the pair "source MAC, port X" to the MAC table (MAC address self-learning). It then checks whether the MAC address table has an entry for the packet's destination MAC address. If yes, the packet is sent to the corresponding port. If no, the packet is broadcast to all ports except the inbound port.
Attack method: CAM table (also known as MAC address table) overflow.
The MAC address table of every switch has a capacity limit. An intruder sends packets with many different source MAC addresses from the same port within a few seconds to fill the CAM table. As a result, the CAM table overflows and the switch can no longer learn legitimate entries. Packets entering the switch from other ports are then broadcast to every port, so the data can be listened to from a host connected to another port of the switch.
Defense method: There are two defense methods: configuring port security (binding ports to MAC addresses) and preventing unknown unicast flooding.
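A toy model of the switch behaviour and the two defenses described above, as an added example that is not part of the original article. The class, the parameter names (max_macs_per_port, no_flood_ports), the table size and all MAC addresses are assumptions constructed for illustration; it models unicast frames only, with no entry aging.

```python
class Switch:
    """Toy learning switch (hypothetical model): unicast only, no aging, no MAC moves."""

    def __init__(self, ports, cam_size, max_macs_per_port=None, no_flood_ports=()):
        self.ports = set(ports)
        self.cam_size = cam_size              # total CAM capacity
        self.limit = max_macs_per_port        # port-security limit (None = off)
        self.no_flood = set(no_flood_ports)   # ports where unknown-unicast flooding is blocked
        self.cam = {}                         # MAC -> port

    def receive(self, in_port, src, dst):
        """Process one frame and return the set of egress ports."""
        if src not in self.cam:
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            if self.limit is not None and on_port >= self.limit:
                return set()                  # port security: drop the frame
            if len(self.cam) < self.cam_size:
                self.cam[src] = in_port       # self-learning; skipped once the table is full
        if dst in self.cam:
            return {self.cam[dst]}            # known destination: one port only
        return self.ports - {in_port} - self.no_flood   # unknown destination: flood


def ports_seeing_a_to_b(**defenses):
    """Replay a table-fill burst from port 3, then return where a frame from A to B goes."""
    sw = Switch(ports=[1, 2, 3, 4], cam_size=8, **defenses)
    for i in range(20):                       # constructed burst of distinct source MACs
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "02:00:00:00:ff:ff")
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"   # constructed host MACs
    sw.receive(1, a, b)                       # A (port 1) -> B
    sw.receive(2, b, a)                       # B (port 2) -> A
    return sw.receive(1, a, b)                # ports that receive A -> B afterwards


if __name__ == "__main__":
    print("no defense:          ", ports_seeing_a_to_b())
    print("port security (2):   ", ports_seeing_a_to_b(max_macs_per_port=2))
    print("flood blocked on p3: ", ports_seeing_a_to_b(no_flood_ports=[3]))
```

Without a defense the full table keeps A and B from being learned, so their traffic reaches port 3; with either defense enabled it does not.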
3. Router
Working principle: The router works at the OSI network layer and is used for IP addressing, routing, and broadcast isolation at the network layer.
Attack method: There is no specific, generally effective attack method. Attacks usually exploit vulnerabilities in the router itself or in its management software, such as SNMP vulnerability attacks.
Defense method: Security awareness, including system hardening and timely patching.
4. Firewall
Working principle: A firewall is an access control device based on network traffic. It is located at the boundary between a secure network (the enterprise intranet) and a non-secure network (the Internet). By configuring the firewall's security control policies, data communication between two networks of different security levels is filtered and unauthorized access is restricted, which protects the internal network of the enterprise.
Attack method: There is no specific method; attacks depend on the firewall type and its existing vulnerabilities. Examples are buffer overflow attacks, DoS attacks, Trojan attacks, and protocol tunneling attacks.
Defense method: Use more comprehensive firewall devices.
This article is from the "one text one ask one world" blog; please be sure to keep this source: http://worldinwords.blog.51cto.com/7889522/1297421