Master level response

130 words per answer with one reference each. Please separate references.

1.

Responses from Benjamin DePaul Doyle question 1 LAYER 2(VLAN) ATTACK TYPE

An example of a layer 2 attack that is not covered in Module 3 is a DHCP starvation attack. In this situation, an attacker would enter a DHCP supported network and flood the server with DHCP requests. After all of the leasable IP addresses have been taken, the server cannot grant any further addresses to new hosts entering the network. This attack is often paired with a MAC spoofing attack in order to successfully impersonate legitimate DHCP requests to the server. This DHCP starvation attack is detected and prevented in a similar manner that is used to defend against MAC flooding attacks. A script is written for the DHCP server to monitor the number of requests received over a period of time. If this ratio of requests per second exceeds what is deemed acceptable, then it is treated as an attack on the network. An additional reactionary measure can be to record the MAC address of the host sending the excessive requests and blacklist their address on the server (O’Conner, 2010).

Another common layer 2 network attack is the Man in the Middle attack. These attacks have become increasingly popular in the last several years, used to eavesdrop on network traffic and acquire login credentials. Man in the Middle attacks can be accomplished using ARP poisoning, also known as ARP spoofing. When the attacker mimics the MAC address of their target and sends unsolicited ARP replies to the host network, they are able to insert themselves between all traffic that moves to and from the target host (UMUC, 2013). The most dangerous characteristic of this attack is that the target user will not know that their actions and commands are being monitored. This was the case for employees of Citi banks in 2006 as well as hundreds of other companies. In an attempt to combat cyber theft attempts, the bank began using security tokens with a 6-digit PIN, randomly assigned and expiring after 30 seconds. Within months of these tokens being introduced, several thefts occurred because of Man in the Middle attacks. As employees were entering their PIN numbers, the login credentials were being actively monitored by the attacker, granting them access to the desired financial information (Keizer, 2006). Since this time, several countermeasures have been developed to combat the Man in the Middle attack. One of these defenses is DHCP Snooping, which reads all DHCP traffic and helps substantiate whether the ARP traffic is legitimate. Incoming DHCP requests are blocked at the server port and unable to reach the client. The DHCP Snooping builds a database of MAC to IP addresses and any ARP requests that do not have matches in this database are immediately dropped. This protective process is known as Dynamic ARP Inspection. Another defense against the Man in the Middle attack is configuring a switch to limit the rate at which ARP reply packets can be transmitted. If a particular port or switch exceeds this limit ratio, it will either send an alert or be placed in an error state until it is reset (VandenBrink, 2009).
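The countermeasures named in this response (a request-rate threshold against DHCP starvation, a snooping-built binding table used to validate ARP replies, and a per-port ARP rate limit that puts the port in an error state) can be modeled together. The following is an added example, not part of the original response or any vendor's code; the class, port numbers, limits and addresses are all constructed assumptions, and the rate is counted per port rather than per MAC because the response notes that starvation is usually paired with MAC spoofing.

```python
from collections import defaultdict, deque

WINDOW = 1.0                     # seconds (assumed)
LIMITS = {"dhcp": 5, "arp": 3}   # assumed per-port packets per window


class AccessSwitch:
    """Toy model: DHCP snooping, Dynamic ARP Inspection, per-port rate limits."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)  # ports facing the real DHCP server
        self.bindings = {}                 # ip -> (mac, port), from DHCP ACKs
        self.recent = defaultdict(deque)   # (port, kind) -> timestamps in window
        self.err_disabled = set()          # ports shut until an admin resets them

    def _rate_drop(self, ts, port, kind):
        q = self.recent[(port, kind)]
        q.append(ts)
        while ts - q[0] > WINDOW:          # forget packets older than the window
            q.popleft()
        if len(q) > LIMITS[kind]:
            self.err_disabled.add(port)
        return "drop:err-disabled" if port in self.err_disabled else None

    def dhcp_request(self, ts, port, mac):
        # Counted per port: a starvation tool changes its MAC on every request.
        return self._rate_drop(ts, port, "dhcp") or "forward"

    def dhcp_ack(self, port, client_mac, ip, client_port):
        if port not in self.trusted:
            return "drop:untrusted-server"
        self.bindings[ip] = (client_mac, client_port)
        return "forward"

    def arp_reply(self, ts, port, sender_mac, sender_ip):
        if port in self.trusted:
            return "forward"
        reason = self._rate_drop(ts, port, "arp")
        if not reason and self.bindings.get(sender_ip) != (sender_mac, port):
            reason = "drop:no-binding"
        return reason or "forward"


def demo():
    # Constructed traffic: port 1 = DHCP server, 2 = client, 3 and 4 = rogue hosts.
    sw = AccessSwitch(trusted_ports={1})
    sw.dhcp_ack(1, "aa:aa:aa:00:00:02", "10.0.0.20", client_port=2)
    arp = [sw.arp_reply(0.0, p, m, "10.0.0.20")
           for p, m in [(2, "aa:aa:aa:00:00:02"), (3, "ee:ee:ee:00:00:03")]]
    return arp + [sw.dhcp_request(1 + i / 100, 4, f"02:00:00:00:00:{i:02x}") for i in range(7)]
```

In `demo()` the reply from port 3 is dropped because its MAC and port do not match the binding learned for 10.0.0.20, and port 4 is shut on its sixth DHCP request inside one window even though every request carries a different MAC.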

Response 2 from Samantha Joan Cowan Question 3

Routers, which are responsible for routing IP packets through networks, are susceptible to a number of different types of attacks (UMUC, 2012). Two types of attacks that commonly target routers are denial of service (DoS) and routing table modification.
DoS attacks aim to make services or data unavailable to those for whom it is intended, most commonly by flooding an aspect of the network with IP packets – although there are other methods which can be utilized (Sridhar rao, 2011). The router is one of the points in the network often targeted in such attacks, and also one which can be susceptible to the more extreme of the DoS attacks, Permanent Denial of Service, which can cause permanent damage to hardware (Sridhar rao, 2011). Most frequently, this is due to a component – such as a router – attempting to upgrade firmware online without checking to ensure the update is being obtained from a trustworthy source (Sridhar rao, 2011). Attacks involving the modification of routing tables, termed rerouting attacks, are specific to routers (UMUC, 2012). Routing tables are built by the router as it exchanges information with other routers, and are used to determine how, and where, packets are routed (UMUC, 2012). By posing as a nearby router, attackers can send a router false information in routing update packets, causing the routing table to update inaccurately (UMUC, 2012). This is problematic as this new, and incorrect, information, will then be used by the router as it routes packets.

To detect DoS, or prevent them from succeeding, intrusion detection systems can be set to look for known signatures for DoS attacks, or to monitor for abnormal network activity (Jian-Qi, Feng, Kim, Ke-xin, & Yan-Heng, 2012). Likewise, intrusion prevention systems can be set up to take action when such events are detected, and administrators can receive notifications from either system so that they can immediately review and take action if needed (Goodrich & Tamassia, 2011).

Rerouting attacks can be prevented by making use of routing protocols with authentication (UMUC, 2012). These protocols require the router to authenticate the messages it receives, ensuring they come from a reliable source (CISCO, n.d.). According to CISCO (n.d.), some of the protocols that use this manner of authentication are: Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (IS-IS), IP Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF) and Routing Information Protocol (RIP) version 2.
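How authenticated routing updates stop a rerouting attack can be shown with a simplified model. This is an added example, not part of the original response and not the wire format of any of the listed protocols; it assumes a shared secret per neighbor, HMAC-SHA-256 as the keyed digest, a sequence number for replay protection, and constructed router names, keys and prefixes.

```python
import hashlib
import hmac
import json


def sign_update(key: bytes, router_id: str, seq: int, routes: dict) -> dict:
    """Sender side: attach a keyed digest computed over the whole update."""
    body = json.dumps({"router": router_id, "seq": seq, "routes": routes}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Router:
    def __init__(self, neighbor_keys):
        self.keys = neighbor_keys   # router id -> shared secret
        self.last_seq = {}          # router id -> highest sequence number accepted
        self.table = {}             # prefix -> (next hop, metric)

    def receive(self, update):
        body = json.loads(update["body"])
        key = self.keys.get(body["router"])
        if key is None:
            return "reject:unknown-neighbor"
        expected = hmac.new(key, update["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, update.get("tag", "")):
            return "reject:bad-digest"      # sender does not hold the shared key
        if body["seq"] <= self.last_seq.get(body["router"], -1):
            return "reject:replay"          # captured update sent again
        self.last_seq[body["router"]] = body["seq"]
        for prefix, metric in body["routes"].items():
            self.table[prefix] = (body["router"], metric)
        return "accept"


def demo():
    # Constructed scenario: R2 is a legitimate neighbor, the forger poses as R2.
    key = b"constructed-shared-secret"
    r1 = Router({"R2": key})
    good = sign_update(key, "R2", 1, {"10.1.0.0/16": 2})
    forged = sign_update(b"attacker-guess", "R2", 2, {"10.1.0.0/16": 1})
    results = [r1.receive(good), r1.receive(forged), r1.receive(good)]
    return results, r1.table
```

The forged update advertises a better metric for the same prefix, yet the routing table is left unchanged because the digest does not verify.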
