Thursday 20 July 2023

What is VLAN Access List? How to configure VACL?

 

VLAN Access List

A VLAN access list (VACL, also called a VLAN map) filters traffic inside a VLAN, which a router ACL on the SVI cannot do because traffic bridged between two hosts in the same VLAN never reaches the SVI. Once a VACL is applied, every packet bridged within the VLAN, and every packet routed into or out of it, is checked against the map. Unlike a router ACL, a VACL has no direction: there is no in or out. Each map entry matches traffic against an ACL and then either forwards or drops it (some platforms can also redirect it to another interface). Two details trip people up: a permit entry in the referenced ACL means "this traffic matches", not "this traffic is allowed", the action clause decides that; and a packet that matches no entry is dropped, so a map normally ends with an entry that has no match clause and action forward. Finally, a VACL is applied to the VLAN itself with the vlan filter command, not to the VLAN interface (SVI).

How to proceed

  • Configure a standard or extended ACL that selects the traffic for the VACL.
  • Configure a VLAN access map that matches that ACL.
  • Set the action for each map entry: forward or drop.
  • Apply the access map to the VLAN(s) with vlan filter.
  • Verify with show vlan access-map and show vlan filter.

 https://youtube.com/@internetworkss

 Topology: -



  • configure IP addresses on the PCs as per the topology
  • configure the default gateway on each PC as per the topology
  • configure inter-VLAN routing with SVIs
  • configure IP address 10.1.1.1 on interface VLAN 10
  • configure IP address 20.1.1.1 on interface VLAN 20
  • at this point make sure all four PCs can ping each other
  • configure ACL 10 to match PC1
  • configure a VACL so that PC1 cannot communicate with any PC in VLAN 20, while the other PCs are unaffected
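The five steps above carried out for this lab, as an added example (this configuration is not part of the original post). The topology diagram does not give the PC addresses, so PC1 is assumed to be 10.1.1.10/24 in VLAN 10; the ACL remark and the access-map name are also my own.

```cisco
! Added example, not part of the original post. The topology diagram does not give
! the PC addresses, so PC1 is ASSUMED to be 10.1.1.10/24 in VLAN 10; the ACL and
! access-map names are also my own.
!
! Step 1: the ACL only selects traffic. "permit" here means "this packet matches",
! not "this packet is allowed"; the action clause below decides its fate.
access-list 10 remark PC1 - the host we want to cut off from VLAN 20
access-list 10 permit host 10.1.1.10
!
! Steps 2 and 3: the access map. Sequence 10 drops anything ACL 10 matches.
! Sequence 20 has no match clause, so it matches everything else and forwards it.
! Without sequence 20 the map ends in an implicit drop and the whole VLAN goes dark.
vlan access-map BLOCK_PC1 10
 match ip address 10
 action drop
vlan access-map BLOCK_PC1 20
 action forward
!
! Step 4: apply the map to VLAN 20, not VLAN 10. A VACL has no direction and is
! checked for traffic routed into the VLAN as well as traffic bridged inside it, so
! PC1's packets arriving through the SVI are dropped as they enter VLAN 20, while
! PC1 can still reach its own VLAN and its gateway. Applying the same map to
! VLAN 10 would match every packet PC1 sends, including local ones.
vlan filter BLOCK_PC1 vlan-list 20
!
! Step 5: verify, then test from PC1 (ping to a VLAN 20 host must fail,
! ping to 10.1.1.1 and to the other VLAN 10 host must succeed).
!  Switch# show vlan access-map BLOCK_PC1
!  Switch# show vlan filter
```

Because the ACL matches on PC1's source address, the map also kills PC1's replies to anything a VLAN 20 host sends it (those replies are routed back into VLAN 20 with PC1 as source), so the block is effectively bidirectional without a second ACL.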

Saturday 15 July 2023

What is Private VLAN? How to configure Private VLAN? #PVLAN

By default traffic moves unrestricted within a VLAN. Unicast between two hosts is delivered only to the destination port, which is the point of layer-2 switching, but a broadcast from one host reaches every other host in the VLAN, and every host in the VLAN can talk to every other. Sometimes that is not what we want: hosts in the same subnet that should not be able to reach each other. A VACL, or splitting the hosts across several VLANs and subnets, can do it, but it would be nicer to segment traffic within a single VLAN and subnet without re-addressing anything. That is what a Private VLAN does.

Let’s understand private VLAN with an example.





All the devices are on a single subnet in a single VLAN, VLAN 100, so all of them can communicate. The requirement is different: Server 1 and Server 2 should be able to communicate with each other and with the gateway, but not with Server 3. Server 3 should only be able to reach the gateway and is otherwise isolated. Private VLANs do exactly this.

A private VLAN always has one primary VLAN. Within the primary VLAN you find the promiscuous port; in the picture above the router is connected to it. Every other port is able to communicate with the promiscuous port. The primary VLAN also contains one or more secondary VLANs, of two types:




Community VLAN: ports in the same community can communicate with each other and with the promiscuous port, but not with other communities or with the isolated VLAN. A primary VLAN can have several community VLANs.

Isolated VLAN: ports in the isolated VLAN cannot communicate with each other or with any community VLAN; they can only communicate with the promiscuous port. A primary VLAN can have only one isolated VLAN.


 let's see the configuration: -

Topology:





 

  • configure the topology as per the diagram
  • assign IP addresses from the 192.168.1.0/24 subnet to the hosts on all ports
  • configure 192.168.1.1 on the router's fa0/0; this is the hosts' default gateway
  • configure primary VLAN 100 (the switch must be in VTP transparent mode first)
  • configure gig 0/0 as the promiscuous port
  • configure community VLAN 101 and assign port gig 0/1
  • configure community VLAN 102 and assign port gig 0/2
  • configure isolated VLAN 103 and assign port gig 0/3
  • verify with show commands; the isolation is only in force when show vlan private-vlan lists the secondary VLANs as community/isolated rather than non-operational, so finish with pings: gig 0/3 to gig 0/1 must fail, every host to 192.168.1.1 must succeed


Switch-1-(config)#vtp mode transparent
Device mode already VTP Transparent for VLANS.
Switch-1-(config)#VLAN 100
Switch-1-(config-vlan)#private-vlan primary
Switch-1-(config-vlan)#exit

Switch-1-(config)#VLAN 101
Switch-1-(config-vlan)#name first_community
Switch-1-(config-vlan)#private-vlan community
Switch-1-(config-vlan)#exit

Switch-1-(config)#VLAN 102
Switch-1-(config-vlan)#name second_community
Switch-1-(config-vlan)#private-vlan community
Switch-1-(config-vlan)#exit

Switch-1-(config)#VLAN 103
Switch-1-(config-vlan)#name isolate_community
Switch-1-(config-vlan)#private-vlan isolated
Switch-1-(config-vlan)#exit

Switch-1-(config)#vlan 100
Switch-1-(config-vlan)#private-vlan association 101,102,103
Switch-1-(config-vlan)#exit


Switch-1-(config)#interface gigabitEthernet 0/1
Switch-1-(config-if)#description this is a first-community-port
Switch-1-(config-if)#switchport private-vlan host-association 100 101
Switch-1-(config-if)#switchport mode private-vlan host
Switch-1-(config-if)#exit


Switch-1-(config)#interface gigabitEthernet 0/2
Switch-1-(config-if)#description this is a second-community-port
Switch-1-(config-if)#switchport private-vlan host-association 100 102
Switch-1-(config-if)#switchport mode private-vlan host
Switch-1-(config-if)#exit


Switch-1-(config)#interface gigabitEthernet 0/3
Switch-1-(config-if)#description this is a isolate-community-port
Switch-1-(config-if)#switchport private-vlan host-association 100 103
Switch-1-(config-if)#switchport mode private-vlan host
Switch-1-(config-if)#exit

switch-1-(config)#interface gigabitEthernet 0/0
switch-1-(config-if)#description this is a prom-port
switch-1-(config-if)#switchport private-vlan mapping 100 101,102,103
switch-1-(config-if)#switchport mode private-vlan promiscuous
switch-1-(config-if)#exit


switch-1-#show interfaces gigabitEthernet 0/0 switch
Name: Gi0/0
Switchport: Enabled
Administrative Mode: private-vlan promiscuous
Operational Mode: private-vlan promiscuous
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: 100 (VLAN100) 101 (first_community) 102 (second_community) 103 (isolate_community)
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Appliance trust: none



switch-1-#show interfaces gigabitEthernet 0/1 switchport
Name: Gi0/1
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (VLAN100) 101 (first_community)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Appliance trust: none


switch-1-#show interfaces gigabitEthernet 0/2 switchport
Name: Gi0/2
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (VLAN100) 102 (second_community)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Appliance trust: none



switch-1-#show interfaces gigabitEthernet 0/3 switchport
Name: Gi0/3
Switchport: Enabled
Administrative Mode: private-vlan host
Operational Mode: private-vlan host
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: 100 (VLAN100) 103 (isolate_community)
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Appliance trust: none





switch-1-#show vlan private-vlan type

Vlan Type
---- -----------------
100  normal
101  normal
102  normal
103  normal



switch-1-#show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0, Gi1/1, Gi1/2, Gi1/3
                                                Gi2/0, Gi2/1, Gi2/2, Gi2/3
                                                Gi3/0, Gi3/1, Gi3/2, Gi3/3
100  VLAN100                          active
101  first_community                  active
102  second_community                 active
103  isolate_community                active



Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
100     101       non-operational   Gi0/0, Gi0/1
100     102       non-operational   Gi0/0, Gi0/2
100     103       non-operational   Gi0/0, Gi0/3


(In the Type field you see non-operational; this is because I do not have an upgraded switch. On an upgraded switch you will see community, isolated, and promiscuous ports.)
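One caveat that belongs next to every private VLAN deployment, as an added example that is not part of the original lab: the isolation is a Layer 2 property only. An isolated host can send a frame to the router's MAC address on the promiscuous port while putting another host in the same subnet as the IP destination; the router routes the packet straight back into the VLAN, and the switch accepts it because it now arrives from the promiscuous port. An ACL on the router's LAN interface closes that gap. The lab's addressing (fa0/0 = 192.168.1.1/24) is assumed and the ACL name is my own.

```cisco
! Added example, not part of the original lab. Private VLANs isolate hosts only at
! Layer 2; the router on the promiscuous port will happily forward traffic from one
! secondary VLAN back into another unless it is told not to. Addressing follows the
! lab (fa0/0 = 192.168.1.1/24); the ACL name is my own.
ip access-list extended PVLAN-NO-HAIRPIN
 remark hosts may still reach the gateway itself
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
 remark but the router must never forward subnet-to-subnet traffic back in
 deny   ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group PVLAN-NO-HAIRPIN in
!
! On the switch, do not trust the configuration alone. The isolation is in force only
! when the secondary VLANs show their type (community / isolated) rather than
! "non-operational", and the ports show an operational private-vlan rather than
! "none":
!  Switch# show vlan private-vlan
!  Switch# show interfaces gigabitEthernet 0/3 switchport | include private-vlan
! The final check is traffic: a ping from the gig 0/3 host to the gig 0/1 host must
! fail, a ping from gig 0/1 to gig 0/2 must fail, and all three must reach 192.168.1.1.
```

The first permit line matters: an inbound ACL on a router interface also filters packets addressed to the router itself, so a bare subnet-to-subnet deny would stop the hosts from reaching their own gateway.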


Thursday 29 June 2023

What is Administrative Distance? How to change AD value of OSPF, EIGRP, RIPv2 and BGP?

 

 

Administrative Distances

Administrative distance (AD) rates how trustworthy a source of routing information is, so that a router receiving the same prefix from several sources (a static route, OSPF, EIGRP, BGP, ...) knows which one to believe. It is an integer from 0 to 255: 0 is the most trusted (a directly connected interface), and 255 means the source is not trusted at all, so a route with AD 255 is never installed in the routing table and no traffic is forwarded over it.

 




What happens if our router receives two updates for the same remote network?

The first thing the router checks is the administrative distance. If one update comes from a source with a lower AD than the other, the router installs the lower-AD route in the routing table, regardless of the metrics.

What if both updates have the same AD for the same remote network?

In that case both came from the same routing protocol, and the router compares the protocol's own metric: hop count for RIP, a composite of bandwidth and delay for EIGRP, cost for OSPF. The lowest metric wins and that route is installed.

And if both routes have the same AD and the same metric?

The router installs both and load-balances across them (equal-cost load balancing, up to the protocol's maximum-paths setting).

 

The administrative distance default values

Route source (protocol)                                           Default AD
----------------------------------------------------------------  ----------
Connected interface                                                        0
Static route                                                               1
Enhanced Interior Gateway Routing Protocol (EIGRP) summary route           5
External Border Gateway Protocol (eBGP)                                   20
Internal EIGRP                                                            90
IGRP                                                                     100
Open Shortest Path First (OSPF)                                          110
Intermediate System-to-Intermediate System (IS-IS)                       115
Routing Information Protocol (RIP)                                       120
Exterior Gateway Protocol (EGP)                                          140
On-Demand Routing (ODR)                                                  160
External EIGRP                                                           170
Internal BGP (iBGP)                                                      200
Unknown*                                                                 255

* A route with AD 255 is not trusted and is never installed in the routing table.

If you want to change the default administrative distance, you can. Let's set up an experiment: we advertise the same remote network through five different route sources, see which route the router installs, then change the default AD and watch the router's choice change.

(If you are familiar with Internetworks blogs you know we come straight to the point and like labs; please also visit our YouTube program. Thank you.)



Topology: -


  • configure the topology as per the diagram
  • assign the IP addresses to the ports as per the topology
  • configure a static route between routers 1-2-7
  • configure EIGRP routing between routers 1-3-7
  • configure OSPF routing between routers 1-4-7
  • configure RIPv2 routing between routers 1-5-7
  • configure iBGP routing between routers 1-6-7
  • advertise the directly connected networks in each protocol
  • now R2, R3, R4, R5 and R6 all advertise the same network 20.1.1.0 to router-1, each with a different administrative distance
  • ping from PC-1 to PC-2 and check which path router-1 chooses to reach 20.1.1.0; with the defaults it is the static route through R2 (AD 1), and the other four routes are not installed
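The title asks how to change the AD, so here is the second half of the experiment as an added example (not part of the original post): the distance commands for each of the five sources on Router-1, arranged so that OSPF wins instead of the static route. The process numbers, the AS number and the <next-hop> placeholders are assumptions; use the values configured in your lab.

```cisco
! Added example, not part of the original lab. The process numbers, the AS number and
! the <next-hop> placeholders are assumptions; use the values configured in your lab.
!
! With the defaults Router-1 learns 20.1.1.0/24 five ways and installs only the
! static route (AD 1). Suppose we want OSPF to carry the traffic instead and keep
! the static route as a last resort.
!
! 1. Demote the static route to a floating static: AD 250 loses to every protocol
!    and is installed only when all of them withdraw the prefix.
no ip route 20.1.1.0 255.255.255.0 <next-hop-R2>
ip route 20.1.1.0 255.255.255.0 <next-hop-R2> 250
!
! 2. Push EIGRP below OSPF. Both the internal and the external AD must be given.
router eigrp 100
 distance eigrp 115 175
!
! 3. OSPF keeps its default of 110 and now wins. A single value applies to all OSPF
!    routes; the commented form sets the AD per route type instead.
router ospf 1
 distance 110
! distance ospf intra-area 105 inter-area 105 external 115
!
! 4. RIPv2 uses the same single-value form (default 120).
router rip
 distance 120
!
! 5. BGP takes three values: external, internal, local (defaults 20 200 200).
router bgp 65000
 distance bgp 20 200 200
!
! Two caveats. "distance" changes only what THIS router installs: neighbours keep
! their own defaults and the advertisements themselves do not change. And 255 means
! "not trusted", so that source's routes are never installed at all.
!
! Verify:
!  Router-1# show ip route 20.1.1.0
!  Router-1# show ip protocols | include Distance
```

After the change, show ip route 20.1.1.0 should report the prefix as known via "ospf 1" with distance 110; pull the OSPF neighbour down and the EIGRP route (AD 115) takes over, then RIP (120), then iBGP (200), and the static route only appears once every protocol has withdrawn the prefix.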

Thursday 22 June 2023

What is Smurf attack DDoS attack? How to configure Smurf attack?

A Smurf attack is a form of DDoS (distributed denial of service) attack that works at layer 3. It is named after the DDoS.Smurf malware that first implemented it, which in turn took its name from the cartoon: many small attackers bringing down a big target by working together.




A Smurf attack abuses two properties of IP and ICMP: the source address of a packet is not verified, and an ICMP echo request sent to a subnet's broadcast address is answered by every host on that subnet.






First, the attacker builds a spoofed ICMP echo request whose source address is set to the victim's address and whose destination is the broadcast address of some subnet (for example 192.168.1.255 behind a router or firewall). A packet addressed to a subnet broadcast from outside that subnet is called a directed broadcast. If the router forwards it, the request is delivered to every host on the subnet, and the more hosts there are the bigger the amplification. Each host replies with an ICMP echo reply, not to the attacker but to the victim, whose address was in the source field. A small stream of requests from the attacker therefore becomes a flood of replies that overwhelms the victim and denies service to legitimate traffic. Two things must be true for this to work: the router must forward directed broadcasts (Cisco IOS has had no ip directed-broadcast as the default since release 12.0, so in a lab it has to be enabled on purpose), and nobody on the path must filter the spoofed source address.




Assuming the mechanics are clear, let's build the attack in the lab and then look at how to prevent it.


Topology: -


  • configure the topology as per the diagram
  • assign the IP addresses on the servers and PCs as per the topology
  • assign the IP address of Kali Linux 2-2 as per the topology
  • configure a trunk on the switch and allow all VLANs
  • configure the PC ports as access ports
  • configure static routing between the routers
  • target server-1 from Kali 2-2
  • run the Smurf attack against the victim server with ICMP messages
  • confirm the server is overwhelmed and stops answering normally


{assign the IP addresses on servers and PCs as per the topology}

SERVER-1> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-1  192.168.1.20/24      192.168.1.1       00:50:79:66:68:04

SERVER-2> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-2  192.168.1.21/24      192.168.1.1       00:50:79:66:68:06

SERVER-3> show ip all
NAME      IP/MASK              GATEWAY           MAC                DNS
SERVER-3  192.168.1.22/24      192.168.1.1       00:50:79:66:68:05


PC1> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC1    192.168.1.10/24      192.168.1.1       00:50:79:66:68:00


PC2> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC2    192.168.1.11/24      192.168.1.1       00:50:79:66:68:01


PC3> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC3    192.168.1.12/24      192.168.1.1       00:50:79:66:68:02


PC4> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC4    192.168.1.13/24      192.168.1.1       00:50:79:66:68:03


{assign the IP address Kali Linux 2-2 as per the topology}





{configure trunk and allowed all VLANs on the switch}


SWITCH-1#show interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/0       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/0       1-4094

Port        Vlans allowed and active in management domain
Gi0/0       1,100,200,300

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/0       1,100,200,300


{configure static routing between routers}


R1(config)#interface serial 4/0
R1(config-if)#ip address 1.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit

*Jun 22 17:30:44.111: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0, changed state to up

R1(config)#interface fastethernet 0/0
R1(config-if)#ip addres 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

*Jun 22 17:31:13.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, 


R2(config)#interface serial 4/0
R2(config-if)#ip address 1.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit

*Jun 22 12:27:58.131: %LINK-3-UPDOWN: Interface Serial4/0, changed state to up
*Jun 22 12:27:59.135: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial4/0,                                                                             
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 192.168.2.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit


R1(config)#ip route 1.0.0.0 255.0.0.0 1.1.1.2
R1(config)#ip route 192.168.2.0 255.255.255.0 1.1.1.2

R2(config)#ip route 1.0.0.0 255.0.0.0 1.1.1.1
R2(config)#ip route 192.168.1.0 255.255.255.0 1.1.1.1
R2(config)#exit


R2#show ip route static
S    192.168.1.0/24 [1/0] via 1.1.1.1


R1#show ip route static
S    192.168.2.0/24 [1/0] via 1.1.1.2

(Now we ping from the PCs and the server to Kali to make sure the network works end to end)


PC1> ping 192.168.2.25
84 bytes from 192.168.2.25 icmp_seq=1 ttl=62 time=62.669 ms
84 bytes from 192.168.2.25 icmp_seq=2 ttl=62 time=66.405 ms
84 bytes from 192.168.2.25 icmp_seq=3 ttl=62 time=63.907 ms
84 bytes from 192.168.2.25 icmp_seq=4 ttl=62 time=70.719 ms
84 bytes from 192.168.2.25 icmp_seq=5 ttl=62 time=62.990 ms

SERVER-1> ping 192.168.2.25
84 bytes from 192.168.2.25 icmp_seq=1 ttl=62 time=63.265 ms
84 bytes from 192.168.2.25 icmp_seq=2 ttl=62 time=64.596 ms
84 bytes from 192.168.2.25 icmp_seq=3 ttl=62 time=72.530 ms
84 bytes from 192.168.2.25 icmp_seq=4 ttl=62 time=63.830 ms
84 bytes from 192.168.2.25 icmp_seq=5 ttl=62 time=64.962 ms

(Everything works, so now we attack our victim, SERVER-1)






(Now we capture the traffic with Wireshark)




(In the capture between router-1 and router-2 you can see router-1 receiving thousands of ICMP requests. Now capture between the server and the switch)






(Here router-1 is forwarding the ICMP requests toward the server and the server starts to go down. Let's look at the server itself)

SERVER-1>
SERVER-1> ping 192.168.1.10
84 bytes from 192.168.1.10 icmp_seq=1 ttl=64 time=25.006 ms
queue is full
queue is full
queue is full
[... "queue is full" 29 times in total before the next reply ...]
84 bytes from 192.168.1.10 icmp_seq=2 ttl=64 time=5.128 ms
[... "queue is full" x 29 ...]
84 bytes from 192.168.1.10 icmp_seq=3 ttl=64 time=10.348 ms
[... "queue is full" x 29 ...]
84 bytes from 192.168.1.10 icmp_seq=4 ttl=64 time=7.397 ms
[... "queue is full" x 29 ...]
84 bytes from 192.168.1.10 icmp_seq=5 ttl=64 time=6.493 ms
[... "queue is full" x 29 ...]

SERVER-1>


(When the server tries to ping PC1 its transmit queue is full; it is choking under the flood and is effectively down.)


(Now, how do we prevent a Smurf attack?)


Three corrections to the original recipe: ip cef is a global command, not an interface command (uRPF depends on CEF, so it goes first); no ip broadcast-address does nothing useful here; and the command that actually stops the amplification is no ip directed-broadcast on the LAN interface of the subnet being used as the amplifier (the default since IOS 12.0, but worth making explicit). Strict uRPF on the WAN interface then drops any packet whose source address would not be routed back out through that interface, which catches the spoofed victim address; allow-default is left off because it would let spoofed sources through whenever a default route exists.

R1(config)#ip cef
R1(config)#interface fastethernet 0/0
R1(config-if)#no ip directed-broadcast
R1(config-if)#exit
R1(config)#interface serial 4/0
R1(config-if)#ip verify unicast source reachable-via rx allow-self-ping
R1(config-if)#exit

(Now we ping from the server to the PC again)

SERVER-1> ping 192.168.1.10
84 bytes from 192.168.1.10 icmp_seq=1 ttl=64 time=13.014 ms
84 bytes from 192.168.1.10 icmp_seq=2 ttl=64 time=6.296 ms
84 bytes from 192.168.1.10 icmp_seq=3 ttl=64 time=6.508 ms
84 bytes from 192.168.1.10 icmp_seq=4 ttl=64 time=9.503 ms
84 bytes from 192.168.1.10 icmp_seq=5 ttl=64 time=6.806 ms


(The server works normally again, no more queue-full messages. Capture the traffic between the victim and the switch once more to confirm the flood has stopped)
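The fix above protects the victim's router. The complete picture, as an added example that is not part of the original lab, also filters the forged packets at the edge closest to the attacker (BCP38 ingress filtering on R2) and caps the ICMP that can still reach the LAN, with the show commands that prove each piece is doing its job. Addressing follows the lab; the ACL numbers and the rate values are my own.

```cisco
! Added example, not part of the original lab; it extends the single-router fix above.
! Addressing follows the lab (R1 fa0/0 = 192.168.1.0/24, R2 fa0/0 = 192.168.2.0/24,
! the serial link 1.1.1.1 <-> 1.1.1.2). The ACL numbers and the rate values are mine.
!
! ---- R2: stop the spoofed packets where they enter the network (BCP38) ----
! Kali is on 192.168.2.0/24 behind R2's fa0/0. A packet arriving there with any other
! source address is forged and should never reach R1. Strict uRPF does exactly that
! check against the routing table; CEF must be enabled first.
ip cef
interface FastEthernet0/0
 ip verify unicast source reachable-via rx
!
! The same rule as an explicit ACL, for images without uRPF (apply it with
! "ip access-group BCP38-LAN-IN in" on fa0/0 instead of the uRPF line):
ip access-list extended BCP38-LAN-IN
 permit ip 192.168.2.0 0.0.0.255 any
 deny   ip any any
!
! ---- R1: protect the amplifier subnet and the victim ----
ip cef
interface FastEthernet0/0
! Default since IOS 12.0, but keep it explicit so nobody turns it back on by accident.
 no ip directed-broadcast
!
interface Serial4/0
! Drop anything from the WAN whose source address belongs to the LAN side.
 ip verify unicast source reachable-via rx
! Cap ICMP echo and echo-reply arriving from the WAN (CAR): 256 kbit/s sustained,
! 32 kB burst, excess dropped. A flood that gets past the spoof check can no longer
! fill the LAN.
 rate-limit input access-group 150 256000 32000 32000 conform-action transmit exceed-action drop
!
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
!
! Verify on R1, then rerun the attack:
!  R1# show ip interface fastethernet 0/0 | include Directed
!      -> "Directed broadcast forwarding is disabled"
!  R1# show ip interface serial 4/0 | include verif
!      -> the uRPF mode and the "verification drops" counter, which climbs during the attack
!  R1# show interfaces serial 4/0 rate-limit
!      -> conformed / exceeded byte and packet counts
! SERVER-1's ping to PC1 should stay clean throughout.
```

Of the three controls, the one on R2 is the only one that helps anyone other than this victim: with source addresses filtered at the attacker's own edge, no subnet anywhere can be used as an amplifier against anybody.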







(Our network is working fine again. Thank you for reading; if you like this blog, please visit our YouTube program.)


Tuesday 13 June 2023

How to configure MAC address flooding attack? How to prevent MAC flooding attack? | cyber security | ethical hacking

 

A MAC address flooding attack, also called a CAM table overflow attack, is one of the oldest layer-2 attacks and still a real concern: a few seconds of bogus frames can turn a switch into a hub and expose traffic that was supposed to be delivered only to the port it belongs to.








How does a MAC flooding attack work?

First the attacker gets a connection to the switch; any access port will do. Then a tool such as macof (part of dsniff) starts sending frames with thousands of random source MAC addresses per second. The switch learns every one of them into its MAC address (CAM) table, which has a fixed size. Once the table is full, legitimate entries are evicted or cannot be re-learned, and when a frame arrives whose destination MAC is no longer in the table the switch does what it always does with an unknown unicast: it floods the frame out of every port in the VLAN, so the switch behaves like a hub. The attacker's port now receives copies of other hosts' traffic and a sniffer can capture it.

Let's run a MAC flooding attack in the lab and then see how to prevent it.





  • configure the topology as per the diagram
  • configure the IP addresses as per the topology
  • configure a static IP address on the Kali machine
  • make sure all the PCs, including Kali, can reach each other with ping
  • start Wireshark on the Kali machine and capture ICMP
  • run the MAC flooding attack from Kali
  • check the MAC table on the switch and see it fill with fake MAC addresses
  • configure port security on the switch so it cannot happen again
  • run the MAC flooding attack again and confirm the switch shuts the attacking port down

{configure the IP addresses as per the topology}

PC1> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS

PC1    10.1.1.3/8           10.1.1.1          00:50:79:66:68:00

PC2> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS

PC2    10.1.1.4/8           10.1.1.1          00:50:79:66:68:01

PC3> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS

PC3    10.1.1.5/8           10.1.1.1          00:50:79:66:68:02

PC4> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS

PC4    10.1.1.6/8           10.1.1.1          00:50:79:66:68:03

PC5> show ip all

NAME   IP/MASK              GATEWAY           MAC                DNS
PC5    10.1.1.7/8           10.1.1.1          00:50:79:66:68:04


{configuring Kali first bootup}










{now configure a static IP address on KALI MACHINE}










{verify the IP address}










{make sure all the PC able to communicate including KALI with the ping command}

PC1> ping 10.1.1.2

84 bytes from 10.1.1.2 icmp_seq=1 ttl=64 time=10.039 ms

84 bytes from 10.1.1.2 icmp_seq=2 ttl=64 time=15.646 ms

84 bytes from 10.1.1.2 icmp_seq=3 ttl=64 time=18.816 ms

84 bytes from 10.1.1.2 icmp_seq=4 ttl=64 time=8.456 ms

84 bytes from 10.1.1.2 icmp_seq=5 ttl=64 time=64.010 ms

PC2> ping 10.1.1.5
84 bytes from 10.1.1.5 icmp_seq=1 ttl=64 time=34.211 ms
84 bytes from 10.1.1.5 icmp_seq=2 ttl=64 time=8.096 ms
84 bytes from 10.1.1.5 icmp_seq=3 ttl=64 time=25.769 ms
84 bytes from 10.1.1.5 icmp_seq=4 ttl=64 time=10.434 ms
84 bytes from 10.1.1.5 icmp_seq=5 ttl=64 time=18.360 ms


PC3> ping 10.1.1.6
84 bytes from 10.1.1.6 icmp_seq=1 ttl=64 time=13.186 ms
84 bytes from 10.1.1.6 icmp_seq=2 ttl=64 time=12.276 ms
84 bytes from 10.1.1.6 icmp_seq=3 ttl=64 time=38.496 ms
84 bytes from 10.1.1.6 icmp_seq=4 ttl=64 time=34.286 ms
84 bytes from 10.1.1.6 icmp_seq=5 ttl=64 time=15.887 ms



PC4> ping 10.1.1.7
84 bytes from 10.1.1.7 icmp_seq=1 ttl=64 time=26.638 ms
84 bytes from 10.1.1.7 icmp_seq=2 ttl=64 time=10.758 ms
84 bytes from 10.1.1.7 icmp_seq=3 ttl=64 time=48.530 ms
84 bytes from 10.1.1.7 icmp_seq=4 ttl=64 time=81.011 ms
84 bytes from 10.1.1.7 icmp_seq=5 ttl=64 time=60.035 ms


PC5> ping 10.1.1.3
84 bytes from 10.1.1.3 icmp_seq=1 ttl=64 time=20.204 ms
84 bytes from 10.1.1.3 icmp_seq=2 ttl=64 time=61.496 ms
84 bytes from 10.1.1.3 icmp_seq=3 ttl=64 time=15.266 ms
84 bytes from 10.1.1.3 icmp_seq=4 ttl=64 time=19.207 ms
84 bytes from 10.1.1.3 icmp_seq=5 ttl=64 time=10.576 ms

{now ping from Kali}












(Now let's look at the switch MAC table: six entries, the five PCs and the Kali machine on Gi0/0)


vIOS-L2-01#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Gi0/1
   1    0050.7966.6801    DYNAMIC     Gi0/2
   1    0050.7966.6802    DYNAMIC     Gi0/3
   1    0050.7966.6803    DYNAMIC     Gi1/0
   1    0050.7966.6804    DYNAMIC     Gi1/1
   1    0c67.5676.0000    DYNAMIC     Gi0/0
Total Mac Addresses for this criterion: 6

(Everything is working, so let's move on to the attack. First start Wireshark on the Kali machine and capture ICMP)






















{now configure MAC flooding ATTACK}


















(As you can see from the image above, our machine is sending frames with fake source MAC addresses continuously; now let's look at Wireshark)




















{now let's take a look at our switch MAC address table}



















































(As you can see from the output above, the MAC address table is filling up with fake MAC addresses, all learned on Gig 0/0, the port connected to the Kali machine)

  • configure port security on the switch so it cannot happen again



Port security only works on an access port, so the port is forced to access mode first. maximum 2 allows two secure addresses; sticky learning writes the first addresses seen into the running configuration; violation shutdown puts the port into err-disable as soon as a third address shows up.

vIOS-L2-01(config)#interface gigabitEthernet 0/0
vIOS-L2-01(config-if)#switchport
vIOS-L2-01(config-if)#switchport mode access
vIOS-L2-01(config-if)#switchport port-security
vIOS-L2-01(config-if)#switchport port-security maximum 2
vIOS-L2-01(config-if)#switchport port-security mac-address sticky
vIOS-L2-01(config-if)#switchport port-security violation shutdown
vIOS-L2-01(config-if)#exit
vIOS-L2-01(config)#exit

vIOS-L2-01#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/0              2            1                  0          Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 4096


{run the MAC flooding attack again and confirm the switch shuts the attacking port down}


 












(Now let's see whether the switch takes action)


*Jun 13 07:36:41.843: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/0, putting Gi0/0 in err-disable state
vIOS-L2-01(config)#
*Jun 13 07:36:41.848: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address bebc.f55f.9ae2 on port GigabitEthernet0/0.
vIOS-L2-01(config)#
*Jun 13 07:36:42.844: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
vIOS-L2-01(config)#
*Jun 13 07:36:43.848: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down

(The switch has put the attacker's port into err-disable: the violation was logged, Gi0/0 went down, and the bogus addresses are gone from the table. This is how port security stops a MAC flooding attack. Note that the port stays down until an administrator does a shutdown / no shutdown on it, or until errdisable recovery is configured.)

vIOS-L2-01#show mac  address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 1
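The fix above covers the one port the attacker happened to use. What a practitioner would deploy, as an added example that is not part of the original lab, is the same control on every access port, a tighter address limit, automatic recovery from err-disable, and the show commands that let you see a flood starting. The interface range follows the MAC table shown earlier; the recovery timer is my own choice.

```cisco
! Added example, not part of the original lab. It extends the single-port fix above to
! every access port on the switch. The interface range follows the MAC table shown
! earlier (hosts on Gi0/0-Gi0/3 and Gi1/0-Gi1/1); the recovery timer is my own choice.
!
! Port security trusts whatever MAC it learns first, so on the attacker's port that
! is the attacker's own address. "maximum 2" therefore leaves one slot for a spoofed
! frame; "maximum 1" does not. Sticky learning writes the learned address into the
! running config so it survives a reload once the config is saved.
interface range gigabitEthernet 0/0 - 3 , gigabitEthernet 1/0 - 1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation shutdown
!
! "violation shutdown" leaves the port in err-disable until someone does
! shutdown / no shutdown on it. Letting the switch re-enable the port after five
! minutes turns a flood into a short outage instead of a help-desk ticket, while the
! %PORT_SECURITY-2-PSECURE_VIOLATION log line still records each event.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Checks worth running (or scripting) before and during a test:
!  Switch# show mac address-table count
!      -> total/dynamic addresses; a sudden jump toward the platform maximum is the flood
!  Switch# show port-security
!  Switch# show port-security interface gigabitEthernet 0/0
!      -> Port Status, Violation Mode, Last Source Address:Vlan
!  Switch# show interfaces status err-disabled
!  Switch# show errdisable recovery
```

The trade-off to decide before rollout is shutdown versus restrict: restrict drops the offending frames and logs them while keeping the port up, which is kinder to a mis-cabled user, but leaves an attacker free to keep trying; shutdown ends the attack outright at the cost of an outage on that port, which the recovery timer bounds.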

Thank you so much for visiting; please also watch our YouTube video.

What is Virtual Router Redundancy Protocol (VRRP)? How to configure Virtual Router Redundancy Protocol (VRRP)?

 Virtual Router Redundancy Protocol (VRRP) is a gateway redundancy networking protocol used to create a virtual gateway similar to HSRP . VR...