- CAM Table Overflow Attack (DoS attack) (macof -i eth0): Port-Security
- DHCP Starvation Attack (DoS attack): Port-Security and rate-limiting of requests.
- DHCP Spoofing/Rogue DHCP Attack (MitM attack): DHCP Snooping
- VLAN Hopping Attack (negotiate a trunk using DTP) (yersinia -G): set every port that is not connected to a switch to an access port with negotiation disabled (nonegotiate), because by default ports are set to negotiate, i.e. ‘dynamic auto’.
  Also, don’t use VLAN 1 as the native VLAN.
- Rogue Switch Attack (switch MitM, i.e. the attacker becomes the root bridge): PortFast and BPDU Guard (turned on globally if the port is an access port) (shuts the port down).
  BPDU Filter (doesn’t allow BPDUs, but doesn’t shut the port down).
  Root Guard (tells the switch that certain ports can’t be root ports, i.e. if you are connected to legitimate switches).
- ARP Spoofing/ARP Poisoning Attack (Gratuitous ARP) (MitM attack): DAI (Dynamic ARP Inspection)
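
An added example, not part of the original notes: a small Python check that reads an IOS-style running-config and reports which of the mitigations listed above are missing, globally and per port. The sample config, interface names and VLAN numbers are constructed, and the check assumes every non-trunk interface is a host-facing access port.

```python
# Constructed IOS-style running-config; interface names and VLANs are made up.
SAMPLE = """\
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
spanning-tree portfast bpduguard default
interface GigabitEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
 spanning-tree portfast
interface GigabitEthernet0/2
interface GigabitEthernet0/24
 switchport mode trunk
"""

ACCESS_CHECKS = {  # required interface line -> finding when it is missing
    "switchport mode access": "not forced to access mode (VLAN hopping)",
    "switchport nonegotiate": "DTP negotiation still on (VLAN hopping)",
    "switchport port-security": "no port-security (CAM overflow, DHCP starvation)"}

def parse(config):  # -> (global lines, {interface name: [its lines]})
    glob, ifaces = [], {}
    cur = glob
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = ifaces.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.strip() not in ("", "!"):
            if not raw.startswith(" "):  # unindented line ends the interface block
                cur = glob
            cur.append(raw.strip())
    return glob, ifaces

def audit(config):  # -> list of (scope, finding) for missing mitigations
    glob, ifaces = parse(config)
    out = []
    if "ip dhcp snooping" not in glob:
        out.append(("global", "DHCP snooping off (rogue DHCP server)"))
    if not any(ln.startswith("ip arp inspection vlan") for ln in glob):
        out.append(("global", "DAI off (ARP spoofing)"))
    guard_default = "spanning-tree portfast bpduguard default" in glob
    for name, lines in ifaces.items():
        if "switchport mode trunk" in lines:  # trunk: check the native VLAN only
            if not any(ln.startswith("switchport trunk native vlan") for ln in lines):
                out.append((name, "native VLAN is still VLAN 1"))
            continue
        out += [(name, msg) for need, msg in ACCESS_CHECKS.items() if need not in lines]
        guarded = guard_default and "spanning-tree portfast" in lines
        if not (guarded or "spanning-tree bpduguard enable" in lines):
            out.append((name, "no BPDU guard (rogue switch)"))
    return out
```

Calling `audit(SAMPLE)` flags the untouched GigabitEthernet0/2 for all four access-port checks and the trunk for its default native VLAN, while the hardened GigabitEthernet0/1 produces no findings.
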

Cisco has a whole bunch of different operating systems for a variety of products:
- IOS runs on most Cisco routers and switches.
- IOS XE is a more modern, modular version of IOS.
- IOS XR runs on high-end routers.
- NX-OS runs on the Nexus line of datacenter switches.
- ASA OS runs on Cisco ASA devices.
- AireOS runs on Access Points.