It is time to take a look at some security issues. One of the common attacking methods implemented by hackers is : Dsniff. So we need to answer “what is dsniff” , “how dsniff works” , “how we can get rid off dsniff” and etc.

hacker

This is how dsniff works:  Hacker sends lots of MAC sources to the switch port.So MAC address table increases , increases and increases till infinite ! After a time, switch can’t learn more MAC addresses and starts to behave like a “hub” and forwards all packets to all ports and attacker can get this information ! Oh my god it sounds terrible right ? Yup but we have chances to survive from dsniff. First way we can do about this issue is implementing “port security” to our switch ports.

PORT SECURITY CONFIGURATION (DSNIFF PROTECTION)

SWITCH_A(conf)#interface Fa0/21
SWITCH_A(conf-if)#switchport mode access
SWITCH_A(conf-if)#switchport port-security
SWITCH_A(conf-if)#switchport port-security maximum 1

This is how we implement port-security to a switch port ( in this example fa0/21 ) . Here we just let 1 MAC-Adress to the switch port. If two devices ( MACs ) want to connect from this switch port ( via a hub or another switch or etc ) switch port shuts down itself ! It gets into the error-disable mode and nothing works.

Awesome ha ?  If we are sure that network is safe anymore , we should the the configuration below to make the f0/21 up again :

SWITCH_A(conf)#interface Fa0/21
SWITCH_A(conf-if)#shutdown
SWITCH_A(conf-if)#no shutdown

 

After this configuration, port won’t be in error-disable mode anymore.

STATIC MAC ADDRESS

Static MAC address is another way to get rid of Dsniff. With the configuration below, we are providing that only the device with “Mac-address 1111.1111.1111” can work from fa0/21.

 

SWITCH_A(conf)#interface Fa0/21
SWITCH_A(conf-if)#switchport port-security mac-address 1111.1111.1111