Design Guide for Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter
Enterprise Mobility 4.1 Design Guide
OL-14435-01
Chapter 4 Cisco Unified Wireless Network Architecture—Base Security Features
Cisco Integrated Security Features
Figure 4-35 IP Source Guard Preventing MIM
Effectiveness of IP Source Guard
The effectiveness of this feature depends on two factors: the way the attacker is able to spoof the address,
and which scenario is being tested.
An association to the AP is based on the client MAC address, so if the AP receives a frame with an
unknown source MAC address, it drops the frame. When launching an IP spoofing attack, the attacker
has the option to use his or her own MAC address or to use one from another user connected to the same
AP. All the other combinations, such as using a random MAC address or using the MAC address of a
user connected to another AP, lead to a failed attack because the AP drops the frame.
In case the attacker uses his or her own MAC address but spoofs the IP address, IP Source Guard enabled
on the switch stops the attack in the second scenario but not the first. In the first scenario, the traffic
stays local to the AP and the CISF feature is not invoked. In the other scenarios, CISF successfully stops
the attack because the IP-spoofed packet sent by the malicious user has no entry in the DHCP snooping
table.
However, if the attacker is able to spoof both the MAC and the IP address of another wireless user
connected to the same AP, basically assuming the identity of another user, the attack is successful in
Scenarios 1 and 2.
Spoofing both the MAC and IP address is realistically possible in a hotspot environment where no
encryption is used, or when the weaknesses of WEP are exploited. This is one of the reasons why Cisco
highly recommends the use of strong encryption whenever possible.
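
The decision chain described in this section, modelled as an added example that is not part of the Cisco guide: it parses a constructed `show ip dhcp snooping binding` table and classifies a frame by its source MAC and IP. It assumes the switch checks the (MAC, IP) pair against the binding table, as the text implies; the function names and all addresses are hypothetical.

```python
import re

# Constructed sample of `show ip dhcp snooping binding` output (not from the guide).
BINDING_OUTPUT = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
00:40:96:AA:00:01   10.1.1.1         86012       dhcp-snooping  10    GigabitEthernet1/0/1
00:40:96:AA:00:02   10.1.1.2         85990       dhcp-snooping  10    GigabitEthernet1/0/1
00:40:96:AA:00:03   10.1.1.3         85701       dhcp-snooping  10    GigabitEthernet1/0/1
Total number of bindings: 3
"""

# One binding row: MAC, IP, lease, type, VLAN, interface.
ROW = re.compile(
    r"^((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\d+\.\d+\.\d+\.\d+)\s+\d+\s+\S+\s+\d+\s+\S+"
)

def parse_bindings(text):
    """Return {ip: mac} for every binding row; header and footer lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(2)] = m.group(1).lower()
    return table

def verdict(src_mac, src_ip, associated_macs, bindings, via_switch=True):
    """Classify one frame using the checks the section describes, in order."""
    src_mac = src_mac.lower()
    if src_mac not in associated_macs:
        return "dropped-by-ap"        # unknown source MAC: the AP drops the frame
    if not via_switch:
        return "forwarded-unchecked"  # traffic stays local to the AP: CISF is not invoked
    if bindings.get(src_ip) != src_mac:
        return "dropped-by-ipsg"      # assumption: (MAC, IP) pair has no snooping entry
    return "forwarded"                # pair matches a binding: IPSG sees a valid sender

BINDINGS = parse_bindings(BINDING_OUTPUT)
ASSOCIATED = set(BINDINGS.values())   # constructed: all three clients are on the same AP

if __name__ == "__main__":
    own_mac = "00:40:96:AA:00:03"
    print(verdict(own_mac, "10.1.1.2", ASSOCIATED, BINDINGS))                     # dropped-by-ipsg
    print(verdict(own_mac, "10.1.1.2", ASSOCIATED, BINDINGS, via_switch=False))   # forwarded-unchecked
    print(verdict("00:40:96:AA:00:02", "10.1.1.2", ASSOCIATED, BINDINGS))         # forwarded
```

The last case is the limitation the section ends on: a frame carrying another client's MAC and IP matches that client's binding, so only link-layer encryption separates the two senders.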