MAC addresses flooding
To make the switch's Mac table full by simulating a large number of source MAC addresses
can be solved by port security.
VLAN hopping
Access to other VLANs by changing the packet Vlan-id
Strictly set trunk allow which VLAN to pass, put the useless port into the common VLAN (i.e. vlan1)
Attacks between devices on a common VLAN
Devices that belong to the same VLAN can also attack each other.
Through the Pvlan to solve
DHCP starvation
An attacker sends countless DHCP requests, come on. The address in the DHCP server address pool is depleted
Using DHCP snooping to resolve
STP compromises
The attackers set their own bridge priority to be the biggest, so that they become bridge root.
Manually set bridge priority to 0 and set up a backup root to open root guard
Mac Spoofing/arp Spoofing
The attacker would change his MAC address to the MAC address of the target, so that he could receive data from the attacker.
Manually bind MAC addresses and interfaces, or ARP inspection
CDP manipulation
Because the CDP information is plaintext, an attacker can crawl its information
Turn CDP off on an interface that does not need to run CDP
SSH and Telnet attacks
Some attacks on SSH and Telnet
Using SSH v2, use Access-class for Telnet
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
