One of the stronger layer-two protections available on Cisco switches is IP source guard with MAC verification. IP source guard works in conjunction with DHCP snooping and port security to drop all ingress traffic on a port that is not sourced from the IP address and MAC address recorded for that port in the DHCP snooping binding database. (This article only discusses IP source guard with MAC verification; port security and DHCP option 82 are not required if you run IP source guard without MAC verification.)
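As an added example, not taken from the original article, the following Cisco IOS configuration ties the three features together on one access port. The interface names, VLAN 10, the rate limit and the static binding values are assumptions chosen for illustration:

```cisco
! Added example, not from the original article. Interface names, VLAN 10,
! the rate limit and the static binding are assumptions; adjust to your network.

! 1. DHCP snooping builds the IP/MAC/VLAN/port binding database that
!    IP source guard enforces. Option 82 insertion stays enabled (the
!    default) because the MAC verification mode depends on it.
ip dhcp snooping
ip dhcp snooping vlan 10
ip dhcp snooping information option

! 2. Uplink towards the DHCP server is trusted so server replies are accepted.
interface GigabitEthernet0/1
 description Uplink to distribution / DHCP server
 switchport mode trunk
 ip dhcp snooping trust

! 3. Access port: untrusted (the default), DHCP rate limited, port security
!    enabled, then IP source guard with MAC verification on top.
interface FastEthernet0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 ip verify source port-security

! 4. A host with a static address needs a manual binding, otherwise IP
!    source guard drops everything it sends.
ip source binding 0011.2233.4455 vlan 10 192.0.2.50 interface FastEthernet0/1
```

Verify the result with `show ip dhcp snooping binding` and `show ip verify source`; the latter lists the filter type (`ip-mac`) and the active bindings per port. Newer IOS releases accept `ip verify source mac-check` in place of `ip verify source port-security`. The DHCP server (or relay path) must preserve option 82, or clients on ports configured this way will not receive a lease.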
Most IT pros have heard of CAM table overflow (MAC address flooding) attacks and understand at least the basic concept: send a large number of frames with different source MAC addresses to a switch so that the CAM table fills and the switch begins to behave more like a hub. While the basic idea is correct, it is not quite that simple. An important factor is how the switch manages the entries in the CAM table. Cisco switches keep an entry until the aging timer for that entry expires (300 seconds by default), and a full table does not evict existing entries to make room for new ones. So even if the CAM table fills because of an attack, the existing valid entries continue to be honored and traffic destined for those addresses is not flooded out all ports; only traffic for addresses the switch could not learn is flooded.
Have you ever wanted to view the traffic on a link without forcing it to half-duplex with a hub or spending an exorbitant amount of money on an aggregating tap? A cheap DIY passive tap may be your answer.
Before we get into the build, let's explore the types of network taps and their pros and cons.