It’s easy to see that the VM – Parallels in this case – uses a separate MAC address for its separate IP in the following screen shot:

We can mitigate problems from normal, non-hacker users; presumably hackers could spoof a laptop’s MAC address. Shoot, I can even plug in my old Linksys NAT router, have it “clone” my PC’s MAC address and it will be able to circumnavigate all of the above listed exploits. But, it does afford some level of protection, so off we go…

Last time the Sticky wasn’t working quite right (thanks to errors in Cisco book!):

“During this practice setup, I found that the 3550 switch DID restrict use of multiple MACs; it didn’t learn a “Sticky MAC” address and permitted me to swap out one PC for another. Though I followed Cisco’s instructions (ISBN-10: 1-58720-171-2) where it indicates that Sticky Learning is the default. However, later research on the Cisco web site indicates it’s not (see Note 1 below). Port-security mac-address sticky command next time.”

So this time I used the right IOS, so we get to see some security in action.

Also, I’ll note here, I attempted to proceed with DAI (Dynamic ARP Inspection) but the switch’s CLI simply returned an error that the ip arp… command is invalid.

Note: The running-config is actually changed to add new “sticky” lines with the actual MAC addresses added “…sticky #.#.#”

The use of ip source binding was also unavailable.