Kali Linux and eNSP: simulating a switch MAC address flooding attack

1. Attack effect

  • The switch forwards (floods) frames to all ports, so the attacker can intercept the packets

2. Attack principle

  • The attacker sends the switch a large number of useless data packets with different MAC addresses, filling up the switch's MAC address table. The switch can then no longer find the corresponding MAC address for packets sent by normally communicating devices, so it forwards them to all ports (flooding), which lets the attacker intercept them
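A toy model of the principle above, added here as an illustration and not taken from the original post: a learning switch with a fixed-size MAC table, run with and without a per-port MAC limit (port security, a mitigation the post itself does not cover). The `Switch` class, port numbers, table size and MAC addresses are constructed assumptions and do not reproduce eNSP or S5700 internals.

```python
import random

class Switch:
    """Toy learning switch: fixed-size MAC table, optional per-port MAC limit."""

    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # total entries the table can hold
        self.per_port_limit = per_port_limit  # None = no port security
        self.table = {}                       # source MAC -> port it was learned on

    def _learn(self, src, port):
        """Return False only when the per-port limit says to drop the frame."""
        if src in self.table:
            self.table[src] = port
            return True
        if self.per_port_limit is not None:
            used = sum(1 for p in self.table.values() if p == port)
            if used >= self.per_port_limit:
                return False                  # extra MAC on this port: drop
        if len(self.table) < self.table_size:
            self.table[src] = port            # room left: learn the address
        return True                           # table full: forward, but unlearned

    def receive(self, port, src, dst):
        """Process one frame and return the list of egress ports."""
        if not self._learn(src, port):
            return []
        if dst in self.table:
            return [self.table[dst]]                  # known unicast
        return [p for p in self.ports if p != port]   # unknown destination: flood


def run(per_port_limit=None, table_size=64, bogus_frames=500):
    """Egress ports for a client -> server frame after port 3 sends bogus MACs."""
    rng = random.Random(1)                            # fixed seed, repeatable
    sw = Switch([1, 2, 3], table_size, per_port_limit)
    client, server = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    for _ in range(bogus_frames):                     # table starts empty, as in the lab
        src = ":".join(f"{rng.randrange(256):02x}" for _ in range(6))
        sw.receive(3, src, "ff:ff:ff:ff:ff:ff")
    sw.receive(2, server, client)                     # server talks: learned if room
    return sw.receive(1, client, server)


if __name__ == "__main__":
    print("no limit   :", run())                      # flooded, port 3 included
    print("limit of 2 :", run(per_port_limit=2))      # unicast to the server port
```

Without a limit the client's frame leaves on every other port, including the one that filled the table; with the limit the server's address is still learned and the frame goes only to the server's port.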

3. Experimental environment

  • Kali Linux 2022
  • eNSP
    • Switch S5700
    • Client Client1
    • Server Server1
    • cloud: cloud1

4. Preparation stage

1. eNSP topology construction

It is on the same network segment as my virtual network card address.

(2) Configure server Server1 with address 192.168.1.2

Also start the FTP service. Any file directory will do; the key point is that the service is started.

(3) Configure Cloud1

  • Add UDP, VMnet1
  • Set inbound port 1 and outbound port 2, tick bidirectional channel, and add the mapping
  • The two terminal devices simulate normally communicating devices in the environment, and Cloud is used to connect to Kali

(4) Test the connectivity of two terminals.

The local environment has connectivity, so we move on to the Kali side.

2. Kali Linux configuration

  • Connect Kali to the same virtual NIC
  • Manually configure an IP address on the same network segment
  • Use ping to test network connectivity

3. Return to eNSP and view the MAC address table of the switch.

We now clear the address table and start the experiment.

After the deletion is complete, the MAC address table is empty.

5. Attack stage

1. First, we open Wireshark and capture on the eth0 network card

2. Start the flooding attack with macof

View the MAC address table at this time.

Because there are too many entries, the system automatically paginates the output.

3. At this time, we try to log in to FTP.

Because the MAC address table is full and cannot learn new addresses, the login fails.

Note: The login does not necessarily fail, because the switch falls back to flooding frames to reach the destination. The login may just be slow, and the following steps can still be carried out.

We close the attack and log in again.

The login is successful. Since the MAC address table is full, the data is sent out of all data ports. We return to Wireshark.

We can see the FTP packets that were just flooded. Following the TCP stream shows the account name and password that we just logged in with.

At this point the attack is complete.

Origin blog.csdn.net/xrgzky/article/details/128125358