Cisco Networkers presentation for new CCIE Voice exam LAB ver 3.0. Lot of good material for lab and new open ended questions preparation. If you pay close attention the 14 sessions presented in thi...
CCIE Service Provider Fundamentals Workbook.v1.2Full description
Full description
PEDOMAN IPSRSFull description
herramienta para el modelado de amenazasFull description
Descripción: Tograf Security version
Full description
Web Security
herramienta para el modelado de amenazasDescripción completa
CCIE Security Exam Quick Reference Sheets
Return to Table of Contents
Page 74
[ 73 ] CCIE Security Exam Quick Reference Sheets by Lancy Lobo and Umesh Lakshman
CHAPTER 7
CAM Table Overflow and MAC Address Spoofing NetFlow can be used to monitor the network, and applications such as NetFlow export mechanism used to send flow information to a NetFlow collector for data analysis and reporting.
CAM table overflow is caused by an intruder flooding the switch with billing can be associated with the flow’s information from the network. a large number of invalid-source MAC addresses, thus filling up the NetFlow cache switches packets belonging to a flow, resulting in faster content-addressable memory (CAM) table. The switch in this condition processing of the packets. NetFlow provides more detailed information then floods all ports with incoming traffic because it cannot locate the and more types of data on a per-interface basis and can scale to include port number for a particular MAC address in the CAM table. You can more interfaces. NetFlow has less of a performance impact than mitigate the CAM table overflow attack by configuring port security on Remote Monitoring (RMON) and does not require external probes. the switch. NetFlow allows high-level diagnostics to classify and identify network anomalies. MAC spoofing attacks involve the use of a known MAC address of
another host to attempt to make the target switch forward frames Changes in network behavior are obvious with NetFlow. NetFlow clasdestined for the remote host to the network attacker. By sending a sifies the attack and provides detailed flow information (who, what, single frame with the other host’s source Ethernet address, the network when, and where) about who is being attacked and the attack’s origin. attacker overwrites the CAM table entry so that the switch forwards In addition, you can learn how long the attack has been taking place packets destined for the host to the network attacker. Until the host and the size of packets used in the attack. The NetFlow cache can be sends traffic, it will not receive any traffic. When the host sends out enabled on an interface using the command ip route-cache flow. traffic, the CAM table entry is rewritten once more so that it moves Generic NetFlow export can be configured using the commands ip back to the original port. flow-export source interface, ip flow-export version version-number, and ip flow-export destination ip-address port. n set port security mod_num/port_num enable [mac_addr]— Enables port security on the desired ports. If desired, specify the secure MAC address.
n
set port security mod_num/port_num maximum num_of_mac—Specifies the number of MAC addresses to secure on a port.