10.4_MAC Address Table Attack

Question 1

command used to show mac address table

Answer 1

show mac address-table dynamic

Question 2

True or False
Traffic is flooded only within the local LAN or VLAN. The threat actor can only capture traffic within the local LAN or VLAN to which the threat actor is connected.

Answer 2

True
When this occurs, the switch treats the frame as an unknown unicast and begins to flood all incoming traffic out all ports on the same VLAN without referencing the MAC table. This condition now allows a threat actor to capture all of the frames sent from one host to another on the local LAN or local VLAN.

Question 3

If the threat actor stops ___ from running or is discovered and stopped, the switch eventually ages out the older MAC address entries from the table and begins to act like a switch again.

Answer 3

macof

Question 4

To mitigate MAC address table overflow attacks, network administrators must implement ___.

Answer 4

port security

Question 5

DHCP Attacks
Two types of DHCP attacks are ____

Answer 5

DHCP Starvation and DHCP Spoofing

Question 6

Both DHCP Starvation and DHCP Spoofing attacks are mitigated by implementing ___.

Answer 6

DHCP snooping

Question 7

The goal of the DHCP Starvation attack is to ____.

Answer 7

create a DoS for connecting clients.

Question 8

DHCP Starvation Attack
___ has the ability to look at the entire scope of leasable IP addresses and tries to lease them all. Specifically, it creates DHCP discovery messages with bogus MAC addresses.

Answer 8

Gobbler

Question 9

____occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters to legitimate clients.

Answer 9

DHCP Spoofing Attack

Question 10

DHCP Spoofing Attack
A rogue server can provide a variety of misleading information:

____: The rogue server provides an invalid gateway or the IP address of its host to create a man-in-the-middle attack. This may go entirely undetected as the intruder intercepts the data flow through the network.

Answer 10

Wrong default gateway

Question 11

DHCP Spoofing Attack
A rogue server can provide a variety of misleading information:

____: The rogue server provides an incorrect DNS server address pointing the user to a nefarious website.

Answer 11

Wrong DNS server

Question 12

DHCP Spoofing Attack
A rogue server can provide a variety of misleading information:

___: The rogue server provides an invalid IP address effectively creating a DoS attack on the DHCP client.

Answer 12

Wrong IP address

Question 13

ARP ATTACKS
According to the ARP RFC, a client is allowed to send an unsolicited ARP Request called a “__.”

Answer 13

gratuitous ARP

When a host sends a gratuitous ARP, other hosts on the subnet store the MAC address and IPv4 address contained in the gratuitous ARP in their ARP tables

Question 14

TRUE OR FALSE
The problem is that an attacker can send a gratuitous ARP message containing a spoofed MAC address to a switch, and the switch would update its MAC table accordingly.

Answer 14

TRUE
Therefore, any host can claim to be the owner of any IP and MAC address combination they choose. In a typical attack, a threat actor can send unsolicited ARP Replies to other hosts on the subnet with the MAC Address of the threat actor and the IPv4 address of the default gateway.

Question 15

ARP spoofing and ARP poisoning are mitigated by implementing __.

Answer 15

DAI

Question 16

____ is when a threat actor hijacks a valid IP address of another device on the subnet, or uses a random IP address

Answer 16

IP address spoofing

Question 17

TRUE OF FALSE
IP address spoofing is not difficult to mitigate, even when it is used inside a subnet in which the IP belongs.

Answer 17

FALSE
IP address spoofing is difficult to mitigate, especially when it is used inside a subnet in which the IP belongs.

Question 18

_____occur when the threat actors alter the MAC address of their host to match another known MAC address of a target host.

Answer 18

MAC address spoofing attacks

Question 19

To stop the switch from returning the port assignment to its correct state, the threat actor can create a ____ that will constantly send frames to the switch so that the switch maintains the incorrect or spoofed information.

Answer 19

program or script

Question 20

TRUE OR FALSE
There is no security mechanism at Layer 2 that allows a switch to verify the source of MAC addresses, which is what makes it so vulnerable to spoofing.

Answer 20

True

Question 21

IP and MAC address spoofing can be mitigated by implementing ___.

Answer 21

IPSG

Question 22

_Network attackers can manipulate the Spanning Tree Protocol (STP) to conduct an attack by spoofing the ___and changing the ___of a network

Answer 22

root bridge
topology

Question 23

To conduct an STP manipulation attack, the attacking host broadcasts STP _____ containing configuration and topology changes that will force spanning-tree recalculations

Answer 23

bridge protocol data units (BPDUs)

Question 24

The BPDUs sent by the attacking host announce a ____ in an attempt to be elected as the root bridge

Answer 24

lower bridge priority

Question 25

This STP attack is mitigated by implementing ___on all access ports.

Answer 25

BPDU Guard

Question 26

The __ is a proprietary Layer 2 link discovery protocol. It is enabled on all Cisco devices by default.

Answer 26

Cisco Discovery Protocol (CDP)

Question 27

TRUE OR FALSE
CDP broadcasts are sent encrypted and authenticated.

Answer 27

FALSE
CDP broadcasts are sent unencrypted and unauthenticated. Therefore, an attacker could interfere with the network infrastructure by sending crafted CDP frames containing bogus device information to directly-connected Cisco devices.

Question 28

To mitigate the exploitation of CDP,___ (limit/increase) the use of CDP on devices or ports.

Answer 28

limit

Question 29

To disable CDP globally on a device, use the __ global configuration mode command.

Answer 29

no cdp run

Question 30

To enable CDP globally, use the ___ global configuration command.

Answer 30

cdp run

Question 31

To disable CDP on a port, use the___interface configuration command

Answer 31

no cdp enable

Question 32

To enable CDP on a port, use the ____ interface configuration command.

Answer 32

cdp enable

Question 33

___ (LLDP) is also vulnerable to reconnaissance attacks.

Answer 33

Link Layer Discovery Protocol

Question 34

Configure ___to disable LLDP globally

Answer 34

no lldp run

Question 35

To disable LLDP on the interface, configure ___ and no ____.

Answer 35

no lldp transmit
lldp receive