Wednesday, May 19, 2010

Locker Combination Big Nate Island

Avoid uncontrolled

One type of attack consists of impersonating the DHCP server on the network. By doing so, an attacker can force the traffic generated by computers with dynamically assigned IP addresses to pass through their own network card and capture whatever information they want. It is a typical Man-in-the-Middle attack.

If a network is not going to use dynamic addressing, DHCP protocol traffic can be blocked entirely; but if it is needed, we must allow the protocol. Current switches let us restrict this traffic so that only the authorized servers (the ones managed by the Systems team) can send this information, thus preventing intruders from posing as DHCP servers.

Overall, implementing this security policy is as easy as:
  1. Enable the protection
  2. Identify the IP addresses of the DHCP servers authorized to send this protocol
  3. Identify the port(s) on which this traffic will be received
Point 3 is usually the more complicated one, but in general, on access switches DHCP should only arrive through the uplink. This will change depending on the network we have built: we must take into account existing loops (spanning-tree can give us a surprise at this point), etc. I advise having a very clear network map indicating where the server is and which paths the traffic can take to reach the end client.

An example on an HP access switch. On other, similar brands the commands will differ.

1. Activate the DHCP protection:
ACC-SW01(config)# dhcp-snooping
2. Indicate which servers are the authorized ones:
ACC-SW01(config)# dhcp-snooping authorized-server 10.10.10.10
ACC-SW01(config)# dhcp-snooping authorized-server 10.10.10.15
3. Indicate from which port this traffic will be accepted (that is, the path from our switch to the authorized servers). On an access switch this will most likely be the uplink; here we assume the uplink is a trunk called trk1:
ACC-SW01(config)# dhcp-snooping trust trk1
This is the basic idea... obviously it can be made more complicated :)
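Besides blocking rogue offers on the switch, it is worth checking from the host side that the only DHCP replies seen on a segment come from the authorized servers. The following added example (not part of the original post) parses the BOOTP/DHCP payload of a reply, reads the server identifier (option 54) and flags it if it is not one of the two servers configured above. The packets are constructed inline, so it runs offline; feeding it real UDP payloads from a capture is left to the reader.

```python
import struct
import ipaddress

# Authorized DHCP servers, matching the switch configuration in the post.
AUTHORIZED_SERVERS = {"10.10.10.10", "10.10.10.15"}
DHCP_MAGIC = b"\x63\x82\x53\x63"  # magic cookie that follows the 236-byte BOOTP header

def parse_dhcp_options(payload):
    """Return {option_code: raw_bytes} for a DHCP payload (BOOTP header + options)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:          # pad option, single byte
            i += 1
            continue
        if code == 255:        # end option
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify_reply(payload):
    """For a server-originated reply (OFFER=2 or ACK=5) return (server_ip, is_authorized).
    Client messages (DISCOVER, REQUEST) return None because the snooping check does not apply."""
    opts = parse_dhcp_options(payload)
    msg_type = opts.get(53, b"\x00")[0]
    if msg_type not in (2, 5):
        return None
    server = str(ipaddress.IPv4Address(opts[54]))  # option 54: server identifier
    return server, server in AUTHORIZED_SERVERS

def build_dhcp(msg_type, server_ip, yiaddr):
    """Construct a minimal DHCP message for testing (constructed sample, not a real capture)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s", 2, 1, 6, 0, 0x1A2B3C4D, 0, 0,
                      b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed,
                      ipaddress.IPv4Address(server_ip).packed, b"\0" * 4)
    hdr += b"\0" * 16 + b"\0" * 64 + b"\0" * 128 + DHCP_MAGIC   # chaddr, sname, file, cookie
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + bytes([255])
    return hdr + opts

def rogue_servers(payloads):
    """Audit a batch of DHCP payloads and return the set of unauthorized server IPs seen."""
    rogues = set()
    for p in payloads:
        result = classify_reply(p)
        if result is not None and not result[1]:
            rogues.add(result[0])
    return rogues
```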
