From the course: Cisco Network Security: Secure Routing and Switching
Layer 2 attacks: Overview
- [Instructor] We know that there are a number of different types of attacks. A security specialist should become familiar with the different tools that are available. Although this is not part of the CCNA Security course, I wanted to make you aware of Kali Linux. Kali Linux is an advanced penetration testing tool, but it can also be used to launch an attack. I'm at the web page, and here is where you can download and install Kali Linux. I downloaded and installed Kali Linux on a virtual machine, and I want to show you that there are a number of different applications an attacker can launch, as you can see from information gathering, vulnerability analysis, database assessment, password attacks, wireless attacks, and others. One tool that can be used to launch many different types of attacks is called Yersinia. I'll open up Yersinia and I'll show you the different types of attacks against layer two that are available in Yersinia. I'll go to the graphical user interface, and it says it's an alpha version. Once I'm in, you can take a look at the different tabs, and this is what I might select to launch an attack. I'll go to Launch attack. And here we can see Choose protocol attack. Here we can see Cisco Discovery Protocol: sending a CDP packet, flooding the CDP table, and setting up a virtual device. With DHCP, here you can see that there are a number of different things that can be done: sending a RAW packet, sending a DISCOVER packet, creating a DHCP rogue server, and sending a RELEASE packet, which would take someone's IP address away. With Spanning Tree Protocol, here you can see that we can launch an attack by claiming the root role, claiming another role, claiming the root role with man in the middle, and other attacks. And there's also VLAN Trunking Protocol. So although that isn't part of the Cisco CCNA Security course, again it's something that I wanted you to be aware of.
There are a number of different tools and attacks that can be launched against your network, but there are also a number of defense methods. There are different technologies that we use to mitigate attacks, such as DHCP snooping, dynamic ARP inspection, port security, BPDU guard, root guard, and loop guard. Layer two is the data link layer. Switches operate at layer two, and the data link layer's primary role is proper frame formation. The most commonly used frame on a local area network today is an Ethernet II frame. We also see Address Resolution Protocol, which is a protocol that sits underneath layer three. It has no IP header, but it does a resolution of the IP address to the MAC address, and that's why I placed it in between layer three and layer two. Layer two can be a very weak layer, and if it is attacked, any higher layers will most likely be affected, and that includes your users. Layer two, or the data link layer, can fall victim to many different types of attacks. Here are a few. A Spanning Tree Protocol attack sends multiple BPDU messages and creates a constant state of re-electing the root bridge. This then allows an attacker to be a man in the middle and see frames from multiple sources. There are a few spoofing attacks. ARP spoofing, or ARP cache poisoning, is a technique used in a man-in-the-middle attack. With MAC spoofing, we change the MAC address on the NIC card and allow an attacker to intercept traffic to launch a man-in-the-middle attack. A Macof attack is launched against a switch, and the attacker floods the CAM table so that the switch is unable to deliver the data. And there are a few protocol attacks as well. Cisco Discovery Protocol is in the clear and unauthenticated. An attacker can sniff the network and discover information about the devices. VLAN hopping attacks allow an attacker to gain access to traffic on other VLANs that is not normally accessible.
And DHCP attacks provide clients with bogus addresses and other information such as gateway and DNS server IP addresses.
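As an added illustration that is not part of the course transcript, the following constructed Cisco IOS configuration turns on the defenses the instructor lists (DHCP snooping, dynamic ARP inspection, port security, BPDU guard, root guard, loop guard) on a single access switch; the interface names, VLAN 10, and the port roles are assumptions.

```cisco
! Constructed example (not from the course): one access switch, user VLAN 10.
! Interface names and the VLAN number are assumptions.
!
! --- DHCP snooping and Dynamic ARP Inspection (rogue DHCP server, ARP poisoning)
ip dhcp snooping
ip dhcp snooping vlan 10
no ip dhcp snooping information option
ip arp inspection vlan 10
!
! --- Loop guard on all point-to-point links (blocks a port that stops
!     receiving BPDUs instead of letting it transition to forwarding)
spanning-tree loopguard default
!
! --- Uplink toward the distribution layer, where the legitimate DHCP server
!     and the STP root live: the only port trusted for DHCP and ARP packets
interface GigabitEthernet1/0/1
 description Uplink to distribution
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Downlink to another access switch that must never become root
!     (a superior BPDU puts the port into root-inconsistent state)
interface GigabitEthernet1/0/24
 description Downlink to access switch (root guard)
 switchport mode trunk
 spanning-tree guard root
!
! --- User-facing access port: MAC flooding, MAC spoofing, rogue switch,
!     DTP-based VLAN hopping, and DHCP exhaustion are all addressed here
interface GigabitEthernet1/0/10
 description User access port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 spanning-tree portfast
 spanning-tree bpduguard enable
 ip dhcp snooping limit rate 15
!
! Verification after applying:
!   show ip dhcp snooping binding
!   show ip arp inspection vlan 10
!   show port-security interface GigabitEthernet1/0/10
!   show spanning-tree inconsistentports
```

DAI relies on the DHCP snooping binding table, so snooping must be enabled on the same VLAN for hosts that obtain addresses dynamically; statically addressed hosts need an ARP access list or a trusted port instead.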