ࡱ;   !"#$%&'()*+,-./0123456789:;<=>?ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry  !r\V)䰱 PresentationStarImpress 5.0LuS@S@ I8 @?JzVVH@@EHSfxDocumentInfo  T1D q1Ԩ q1 Info 0 Info 1 Info 2 Info 3 q1$<<44Standard LIBIMBEDDED LIBIMBEDDED1,,,1SBX sb : Standard StarBASICSBX ARSBX AR SBX ARSBX OBc BasicLibrariesBasicLibrariesSBX ARSBX AR SBX ARSBX OBe DialogLibrariesDialogLibrariesSBX ARSBX AR SBX AR2c%bqqOh+'0 h t 233@)@,@Pt,@:)XXOutdevItemPool 1   )     &'()*+,-./06789:;UVWXYZ[\]c !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstt      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefd0n&'@qLXX'4@Dashed 1X':@2XXXX&' @'X'E@xArrow X'E@Arrow X'.@,XXX'"@-,XX'@UXX'@xX@X@X @ @ @ @ @*'@LIXX'b@̙FXX X2XD'@@  Gradient 1ddX'2@H Hatching 1X'*@~Bitmap 1BMvv(@@SD@x^SI 0 s\ z 46ZBn8x)1̔.<觔B+̄ ޢ40:prf |q]~+H~|WFMbP@aoCē[ȡz6~U{߃   @T  @j  @  @ @ X@ X@ X @  @!  @7 ( @M ( @c ( @y ( @ ( @ ( @ ( @ ( @ (  @ (! @ (" @) (# @? $$ @U %% @k && @ '' @ (( @ )) @ ;(+@ XX,, @ X--"@= ,XX.."@k ,XX//@ X00 @ 11 @ 22 @ 33 @ 44 @55 @66 @-II@ hihH$ P@  1H x! H 0H lcHXFXNXVX^XfXnXvX~XXXXXXJJ@ R5-0)g% 50 4 P)  / 0+  3L3XXXX&X.X6X>XFXNXVX^XfXnXvX~XXKK@A UXX(L @_MM"@XXNN"@XXOO"@XXPP"@XXQQ@9$XXRR @WSS @mTT @UU@!XVV2@XXXX WW @XX @ YY @"ZZ @8[[ @N\\ @d]] @z^^ @__ @aa @bb @cc @dd @ee @ @ '''''''XXX X&X,XDXJXVXb @ H'''''''''''''XXX&X2X>XPX\XnX**<@XXXX X&77L@,,XXXX X&X,HH@+'@'A' ' @'A' +'' @'A' +'' <(@' <(@'+'+''   <(@'+' @'1'+'' <(@'  <(@'"A' 1'+''!'''''''''%'<(@''XXX8X\XXXXXXXXX"X:Xff&@&JJKKQQVV IIJJKKMMNNOOPPQQUUVV IIJJKKMMNNOOPPQQUUVV IIJJKKMMNNOOPPQQUUVVIIJJKKIIJJKKQQVVIIQQVVJJKK JJKK  JJKKMMNNOOPPQQUUVV  JJKKMMNNOOPPQQUUVV IIJJ KK JJ KKMMNNOOPPQQUUVVJJ KKIIJJ KK IIJJ KKMMNNOOPPQQUUVVIIJJ KKIIJJ KK JJKKMMNNOOPPQQUUVV IIJJKKII JJ KKIIJJ KKII JJ KKIIJJKKII JJ KK II JJ KKMMNNOOPPQQUUVVII JJ KKIIJJ KK IIJJ KKMMNNOOPPQQUUVVIIJJ KK IIJJ KKMMNNOOPPQQUUVV IIJJ KK! IIJJ KKMMNNOOPPQQUUVV"IIJJ KK#IIJJ KK$IIJJ KK%IIJJ KKXX,XnXXX X"X4XLX^XpXXXX<XNXfXXXXX,XDX\XtXXXXXXXXpXXX X$X<XT8x;;[{ AaG]|)?Uu "8Ndz * @ V l  2 R h ~   L z ,Ba #9Oe{m+s P>EditEngineItemPool 6f180.sW* @ * @0 * @F g* &@ F "X2StarBats -"2StarBats -"2StarBats -"` ` 2StarBats -" 2StarBats -"2StarBats -"hh2StarBats -"2StarBats -"2StarBats -"pp2StarBats - "2StarBats -"2StarBats -"2StarBats -"` ` 2StarBats -" 2StarBats -"2StarBats -"hh2StarBats -"2StarBats -"2StarBats -"pp2StarBats - "2StarBatsNd"2StarBatsNd"g 2StarBatsNd"]` 2StarBatsNd"S 2StarBatsNd"S2StarBatsNddd"Sh2StarBatsNddd"S2StarBatsNddd"S2StarBatsNddd"Sp2StarBatsNdddr  d}2StarBats KV 2StarBats K2StarBats K` 2StarBats Kd 2StarBats Kd2StarBats ddKdh2StarBats ddKd2StarBats ddKd2StarBats ddK "2StarBatsN-"2StarBats-"2StarBats-"` ` 2StarBats-" 2StarBats-"2StarBats-"hh2StarBats-"2StarBats-"2StarBats-"pp2StarBats- H2StarBats d2StarBats dg 2StarBats d]` 2StarBats dS 2StarBatsdS2StarBats,,dSh2StarBatsdS2StarBatsdS2StarBats d "2StarBatsNd"2StarBatsNd"g 2StarBatsNd"]` 2StarBatsNd"S 2StarBatsNd"S2StarBatsN d"Sh2StarBatsNd"S2StarBatsNd"S2StarBatsN d"Sp2StarBatsN d  d"}2StarBats -V 2StarBats K"2StarBats -` 2StarBats K"d 2StarBats -"d2StarBats dd-"dh2StarBats dd-"d2StarBats dd-"2StarBats- "2StarBatsNd"2StarBatsN,"g 2StarBatsNd"]` 2StarBatsNd"S 2StarBatsNd"S2StarBatsNd"Sh2StarBatsNd"S2StarBatsNd"S2StarBatsNd"Sp2StarBatsNdXXjXX" XFXXXX" @F@G8eXX@Hdddddd<dddxOdddYdddYsjdddjYs dddY  ddd YD dddYDdddYDdddYD8ddd8YDXdddXYDxdddxYD!ddd!YDXX!X4XGX`XyXXXXXXX(XAXZ<( n@ )IQj   XXXX X&X,X2X8X>XD (@K StarSymbol!?- StarSymbol!?d StarSymbol!?-  StarSymbolX!- StarSymbolX!?,K StarSymbol!?K StarSymbol!?KXXIXXXX5Xp@'-c@3M]ddddddY|` ddd` YdddYdddYpdddpY ddd Y  ddd Y %ddd%Y 0*ddd0*Yddd,dd|dddddddV dddV ddddddddddd Nddd"#dd}d#PdddY}&V dddV Y)dddYXX!X:XSXlXXXXXXXX(X;XNXaXtXXXXXXA'@ )Ndddddddd dd  dd dd ddddd#ddddXdXXX&X2X>XJXVXbXnXzX1'@vN&dX+'2@N9XXXX '@R, , , , , , , ", ', ,, 1, 6, ;, ~@, tE, jJ, `O, VT, LY, B^, 8c, =, 3, ) , , , , , #, (, -, 2, 7, <, A, F, K, P, U, Z, _, O, E, ; , 1, ', , , #, ', ,, 1, 6, ;, @, E, J, O, T, Y, ^, , , , w, m, c, Y, O#, E(, ;-, 12, '7, <, A, F, J, O, T, Y, ^, , , , , , , , #, (, -, x2, n7, d<, ZA, PF, FK, a! Home~LT~TitelW > azxV4B1eZ#Click to edit the title text format Home~LT~Titel<( (@'DrObaSVDr&W )aVI(Home~LT~Gliederung 1W )aVI xV4B1Z %Click to edit the outline text formatHome~LT~Gliederung 1 <( (@'Second Outline LevelHome~LT~Gliederung 2 <( (@'Third Outline LevelHome~LT~Gliederung 3 <( (@'Fourth Outline LevelHome~LT~Gliederung 4<( (@'Fifth Outline LevelHome~LT~Gliederung 5<( (@'Sixth Outline LevelHome~LT~Gliederung 6<( (@'Seventh Outline LevelHome~LT~Gliederung 7<( (@' Eighth Outline LevelHome~LT~Gliederung 8<( (@' Ninth Outline LevelHome~LT~Gliederung 9<(  (@'  DrXXHomegg ^Home~LT~GliederungDrMP%JoeMVT$mDrML DrObSVDrTlc]SDUDQ DefaultTlDrObSVDrTlc]SDUDQ DefaultTlDrObSVDrTlc]SDUDQ DefaultTlDrObSVDr&5 B"0! Home~LT~Titel5 B"0nxV4B1YZClick to move the slide Home~LT~Titel<( (@'DrObSVDr& 3CG]# Home~LT~Notizen 3CG]wxV4B1bZClick to edit the notes formatHome~LT~Notizen<( (@'DrXXHomegg VHome~LT~GliederungDrPgcJoeM$mVTDrML8DrMD,DrXX Handoutsgg FHome~LT~GliederungDrPgVJoeM$mVTDrML8DrMD,DrObSVDrW > ac]SDUDQ ! Home~LT~TitelW > axV4B1ZLocal Network Attacks Home~LT~Titel<( (@'+'DrObfSVDrW )aVIc]SDUDQ  DefaultW )aVIxV4B1pZ John KristoffDefaultg*<( (@' 1'+'   Defaultg*<( (@' 1'+' Defaultg*<( (@' 1'+' +1 312 362-5878Defaultg*<( (@' 1'+' DePaul UniversityDefaultg*<( (@' 1'+' Chicago, IL 60604Defaultg*<( (@' 1'+' DrXXgg JHome~LT~GliederungDrPgkJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObJSVDr 3CG]c]SDUDQ # Home~LT~Notizen 3CG]kxV4B1VZClick to add notesHome~LT~Notizen<( (@'DrXXgg NHome~LT~GliederungDrPgZJoeM$mVTDrML8DrMD,DrObfSVDro Zac]SDUDQ ! Home~LT~Titelo ZaxV4B1tZAgenda Home~LT~Titel<( (@'+'DrObSVDrW aGc]SDUDQ ( Home~LT~Gliederung 1JW aG+xV4B1ZOverviewHome~LT~Gliederung 1g*<( (@'#Theoretical and example attacksHome~LT~Gliederung 1g*<( (@'#1How to resist (if possible) local network attacksHome~LT~Gliederung 2g*<( (@'&11 ReferencesHome~LT~Gliederung 1g*<( (@'#  ToolsHome~LT~Gliederung 1g*<( (@'#DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgbJoeM$mVTDrML8DrMD,DrObhSVDrW ac]SDUDQ !  Home~LT~TitelW axV4B1vZOverview Home~LT~Titel<( (@'+'DrObSVDrW ^a*Ic]SDUDQ ( Home~LT~Gliederung 1PW ^a*I1xV4B1Z0Local network attacks target an internal networkHome~LT~Gliederung 1g*<( (@'#00%Some attacks can be launched remotelyHome~LT~Gliederung 1g*<( (@'#%%2Most do not monitor or guard against local attacksHome~LT~Gliederung 1g*<( (@'#224Ultimately everything is a physical security problemHome~LT~Gliederung 1g*<( (@'#44DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrObSVDrW ac]SDUDQ !  Home~LT~TitelW axV4B1ZTheoretical and Example Attacks Home~LT~Titel<( (@'+'DrOb/SVDrW ^a*Ic]SDUDQ ( Home~LT~Gliederung 1jW ^a*IKxV4B1,ZARPHome~LT~Gliederung 1g*<( (@'#LAN Bridge/SwitchHome~LT~Gliederung 1g*<( (@'#RoutingHome~LT~Gliederung 1g*<( (@'#DHCPHome~LT~Gliederung 1g*<( (@'# MulticastHome~LT~Gliederung 1g*<( (@'#  OtherHome~LT~Gliederung 1g*<( (@'#DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrObqSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1ZARP-based Attacks Home~LT~Titel<( (@'+'DrOb@SVDrW aIc]SDUDQ ( Home~LT~Gliederung 1{W aI\xV4B1;ZARP request spoofingHome~LT~Gliederung 1g*<( (@'#/Responders to a request cache the sender's infoHome~LT~Gliederung 2g*<( (@'&///As do others who already have the sender's infoHome~LT~Gliederung 2g*<( (@'&//$ARP update spoofing (gratutious ARP)Home~LT~Gliederung 1g*<( (@'#$$Thinking out loud:Home~LT~Gliederung 1g*<( (@'#-Is UNARP widely used? Can we attack with it?Home~LT~Gliederung 2g*<( (@'&---Can we poison ARP entries to = group address?Home~LT~Gliederung 2g*<( (@'&--DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0 DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPg)JoeM$mVTDrML8DrMD,DrOb|SVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1ZPreventing ARP-based Attacks Home~LT~Titel<( (@'+'DrObJSVDrW aJc]SDUDQ ( Home~LT~Gliederung 1W aJf xV4B1AZ +Use LAN switches with one port per end hostHome~LT~Gliederung 1g*<( (@'#++2Enable port security to limit source MAC addressesHome~LT~Gliederung 1g*<( (@'#22Use 802.1x port authenticationHome~LT~Gliederung 1g*<( (@'#0Enable (get) knobs on end hosts to validate ARPsHome~LT~Gliederung 1g*<( (@'#00How to best do this?Home~LT~Gliederung 2g*<( (@'&(Monitor LAN bridge/switch address tablesHome~LT~Gliederung 1g*<( (@'#((Monitor router ARP tablesHome~LT~Gliederung 1g*<( (@'#"Keep history of address/ARP tablesHome~LT~Gliederung 1g*<( (@'#""0FYI... vendors must support knobs (at line rate)Home~LT~Gliederung 1g*<( (@'#00DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0 DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPg7JoeM$mVTDrML8DrMD,DrObySVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1ZLAN Bridge/Switch Attacks Home~LT~Titel<( (@'+'DrObSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIxV4B1Z-Overflow MAC address tables to cause floodingHome~LT~Gliederung 1g*<( (@'#--.Typical gear can hold a few thousand addressesHome~LT~Gliederung 2g*<( (@'&..,MAC addresses = 48 bits or >> a few thousandHome~LT~Gliederung 2g*<( (@'&,,!Spoof spanning tree BPDU messagesHome~LT~Gliederung 1g*<( (@'#!!#Take over as root/designated bridgeHome~LT~Gliederung 2g*<( (@'&##(Cause continuous topology recomputationsHome~LT~Gliederung 2g*<( (@'&(((Forge VLAN, priority or aggregation tagsHome~LT~Gliederung 1g*<( (@'#((,Spoof PAUSE (flow control) frames (gig only)Home~LT~Gliederung 1g*<( (@'#,,DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0 DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPg9JoeM$mVTDrML8DrMD,DrOb}SVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1ZPreventing LAN Bridge Attacks Home~LT~Titel<( (@'+'DrObYSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIuxV4B1XZMonitor MAC address tablesHome~LT~Gliederung 1g*<( (@'#$Manually set root bridge and monitorHome~LT~Gliederung 1g*<( (@'#$$*Use knobs like Cisco's BPDU and Root GuardHome~LT~Gliederung 1g*<( (@'#**+Manually set and prune trunked switch portsHome~LT~Gliederung 1g*<( (@'#++Use 802.1x port authenticationHome~LT~Gliederung 1g*<( (@'#DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrOboSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1}ZRouting Attacks Home~LT~Titel<( (@'+'DrOb,SVDrW aIc]SDUDQ ( Home~LT~Gliederung 1gW aIHxV4B1+ZRoute injectionHome~LT~Gliederung 1g*<( (@'#Route monitoringHome~LT~Gliederung 1g*<( (@'#Route redirectionHome~LT~Gliederung 1g*<( (@'#Route process DDoS attackHome~LT~Gliederung 1g*<( (@'#5Note, other types of local attacks may target routersHome~LT~Gliederung 1g*<( (@'#55DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgBJoeM$mVTDrML8DrMD,DrObzSVDrn  ac]SDUDQ !  Home~LT~Titeln  axV4B1ZPreventing Routing Attacks Home~LT~Titel<( (@'+'DrObSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIxV4B1Z1Strongly authenticate all routing updates/packetsHome~LT~Gliederung 1g*<( (@'#113Listen/send routing packets where there are routersHome~LT~Gliederung 1g*<( (@'#333Protect processes and access (ports, IPs, physical)Home~LT~Gliederung 1g*<( (@'#33Monitor routingHome~LT~Gliederung 1g*<( (@'#)Table size (especially changes over time)Home~LT~Gliederung 2g*<( (@'&))&Checksum values and LSA counts in OSPFHome~LT~Gliederung 2g*<( (@'&&&%Flaps, deaggreation, traffic patternsHome~LT~Gliederung 2g*<( (@'&%%1Build baseline network map (ala Ches's netmapper)Home~LT~Gliederung 1g*<( (@'#11DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrOblSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1zZ DHCP Attacks Home~LT~Titel<( (@'+'    DrObSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIxV4B1ZSpoof DHCP requestsHome~LT~Gliederung 1g*<( (@'#.Spoof DHCP replies (or be a rogue DHCP server)Home~LT~Gliederung 1g*<( (@'#..Thinking out loud:Home~LT~Gliederung 1g*<( (@'#Can we spoof DHCP releases?Home~LT~Gliederung 2g*<( (@'&DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrObwSVDrn  ac]SDUDQ !  Home~LT~Titeln  axV4B1ZPreventing DHCP Attacks Home~LT~Titel<( (@'+'DrOb)SVDrW aIc]SDUDQ ( Home~LT~Gliederung 1dW aIExV4B1$Z$Monitor DHCP discover/lease activityHome~LT~Gliederung 1g*<( (@'#$$+Monitor DHCP discovers, requests and offersHome~LT~Gliederung 1g*<( (@'#++-Clients broadcast request, contains server IPHome~LT~Gliederung 2g*<( (@'&--)Can monitor DHCP packets and contents at:Home~LT~Gliederung 2g*<( (@'&)) DHCP serversHome~LT~Gliederung 3g*<( (@')  Router edgesHome~LT~Gliederung 3g*<( (@')  .Use intra-VLAN knobs (e.g. Cisco's intra-VACL)Home~LT~Gliederung 1g*<( (@'#..DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgJoeM$mVTDrML8DrMD,DrObqSVDrn  ac]SDUDQ !  Home~LT~Titeln  axV4B1ZMulticast Attacks Home~LT~Titel<( (@'+'DrOb:SVDrW aIc]SDUDQ ( Home~LT~Gliederung 1uW aIV xV4B11Z +Spoof IGMP queries and take over as QuerierHome~LT~Gliederung 1g*<( (@'#++$+Spoof IGMP reports (joins)Home~LT~Gliederung 1g*<( (@'#)There are 224.0.0.0/4 IP multicast groupsHome~LT~Gliederung 2g*<( (@'&))&Spoof or simply generate group trafficHome~LT~Gliederung 1g*<( (@'#&&Thinking out load:Home~LT~Gliederung 1g*<( (@'#0Can a default querier(s) be configured on hosts?Home~LT~Gliederung 2g*<( (@'&00)Ala DHCP option or just set to default gwHome~LT~Gliederung 3g*<( (@')))/How to better authenticate group participation?Home~LT~Gliederung 2g*<( (@'&//0Will we see intentional multicast based attacks?Home~LT~Gliederung 2g*<( (@'&00DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ # Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgnJoeM$mVTDrML8DrMD,DrOb|SVDrn  ac]SDUDQ ! ! Home~LT~Titeln  axV4B1ZPreventing Multicast Attacks Home~LT~Titel<( (@'+'DrOb SVDrW aIc]SDUDQ ( Home~LT~Gliederung 1HW aI) xV4B1Z $Monitor IGMP querier on router edgesHome~LT~Gliederung 1g*<( (@'#$$)Monitor IP multicast group usage on edgesHome~LT~Gliederung 1g*<( (@'#))*Monitor IP multicate routing state changesHome~LT~Gliederung 1g*<( (@'#**4Heavily filter IP multicast group state, allow just:Home~LT~Gliederung 1g*<( (@'#44 224.0.0.0/8Home~LT~Gliederung 2g*<( (@'&  225.0.0.0/8Home~LT~Gliederung 2g*<( (@'&  &239.192.0.0/14 (internal only if used)Home~LT~Gliederung 2g*<( (@'&&&233.xx.yy.0/8 (GLOP space)Home~LT~Gliederung 2g*<( (@'&,Then filter out bogus groups in above rangesHome~LT~Gliederung 2g*<( (@'&,,DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #"Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPgLJoeM$mVTDrML8DrMD,DrObmSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1{Z Other Attacks Home~LT~Titel<( (@'+'    DrObSVDrW aIc]SDUDQ ( Home~LT~Gliederung 15W aIxV4B1Z%HSRP/VRRP - use MD5 auth and/or IPSECHome~LT~Gliederung 1g*<( (@'#%%(Wireless - better authentication needed!Home~LT~Gliederung 1g*<( (@'#(()See my first-teams post about finding APsHome~LT~Gliederung 2g*<( (@'&))-ICMP redirect, SQ, router adv. - easily fixedHome~LT~Gliederung 1g*<( (@'#--)Time sync - who is getting time from who?Home~LT~Gliederung 1g*<( (@'#))2IPv6 - potential problems with discovery/autoconf?Home~LT~Gliederung 1g*<( (@'#22DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ ##Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPg JoeM$mVTDrML8DrMD,DrObjSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1xZ References Home~LT~Titel<( (@'+'    DrObSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIxV4B1ZLayer 2 Attacks and Their Mitigation, Cisco Networkers 2002 presentation or Hacking Layer 2: Fun with Ethernet Switches, Blackhat 2002Home~LT~Gliederung 1g*<( (@'#MDirected IGMP Report vulnerability: http://www.cs.ucsb.edu/~krishna/igmp_dos/Home~LT~Gliederung 1g*<( (@'#MMVMaking Multicast Hard (How to ward off DOS & other threats), Marshall Eubanks, IETF 51Home~LT~Gliederung 1g*<( (@'#VV:Gigabit Ethernet and The Switch Book, both by Rich SeifertHome~LT~Gliederung 1g*<( (@'#::DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0DrObPSVDr 3CG]c]SDUDQ #$Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrPg6JoeM$mVTDrML8DrMD,DrObeSVDrn  ac]SDUDQ ! Home~LT~Titeln  axV4B1sZTools Home~LT~Titel<( (@'+'DrObnSVDrW aIc]SDUDQ ( Home~LT~Gliederung 1W aIxV4B1gZ&http://www.monkey.org/~dugsong/dsniff/Home~LT~Gliederung 1g*<( (@'#&&)Cammer from Tobias Oetiker (MRTG/RRDTool)Home~LT~Gliederung 1g*<( (@'#))#At http://cosi-nms.sourceforge.net:Home~LT~Gliederung 1g*<( (@'###ARPTrackHome~LT~Gliederung 2g*<( (@'&cislogHome~LT~Gliederung 2g*<( (@'& RouteCheckHome~LT~Gliederung 2g*<( (@'&  2I hope to do more (particularly multicast related)Home~LT~Gliederung 2g*<( (@'&22,We also have an unreleased AP MAC/IP trackerHome~LT~Gliederung 1g*<( (@'#,,DrXXgg NHome~LT~GliederungDrPgmJoeMVT$mDrML8DrMD,DrOb<SVDr&5 B0!DrObPSVDr 3CG]c]SDUDQ #%Home~LT~Notizen 3CG]qxV4B1\ZClick to add notesHome~LT~Notizen<( (@''DrXXgg JHome~LT~GliederungDrXXGeneric PrinterSGENPRTRtJobData 1 printer=Generic Printer orientation=Landscape copies=1 scale=0 margindajustment=0,0,0,0 colordepth=24 pslevel=0 colordevice=0 PPDContexData PageSize:A4 DrVwP SVDr SVDr:SVDr{{SVDrALayout:SVDr{{SVDr#SVDr SVDr# SVDr0 SVDr1 SVDr3 SVDr4SVDr@SVDr SVDrD SVDrP SVDrQ DrHL DrHL DrHL JzVV home/jtk/doc(@<I<I@=Ih=I@=I/jtk0(#H@om3D43DD >I >I=I.rdb@`=I`=I.user52.rdb(@0(#H@ H.D.D(V@V@<IXDDHpfile/jt( =I=I@>Ip>I@>I>IRoot Entry!r\V)䰱CompObjEOle persist elements" SfxDocumentInfo uBasicManager2 4StarBASICSfxWindowsStandardJSfxStyleSheetspSummaryInformation( (StarDrawDocument3$@