Technical Report
1 Introduction
When we talk about a network, basic devices that we have to talk about are routers, switches and
firewalls, these three devices are the base of any network. Therefore, an audit to those devices is
mandatory to verify correct configurations and precautions in order to avoid cyber-attacks.
Successfully attack or compromise a network is relatively easy to do it, all we need is an attacker
running a Pen testing Operating System like Kali Linux and access to the physical network. This tool
can easy take advantage of a security breach and deploy a Denial of Services or Man-In-The-Middle
attack.
Most of these vulnerabilities con be mitigating with security measures applied in the switches and in
the routers, for that reason, this report is focused basically on the switch and the router.
2 Today’s networks
Today’s networks run protocols that are needed for communication, like ARP, DNS; others that make
things easier for the management, like DHCP, CDP, Telnet; and others that help the network to have
redundancies in case of a failure in a link, like STP and HSRP. All these protocols can be susceptible
to attacks if do not take precautions while using them.
Source: cisco.com
1
, Technical Report
Next, we are going to explain the basic functionality of all these protocols:
DHCP Dynamic host configuration protocol. Assign IPs automatically to new hosts that
want to join to the network.
ARP Address resolution protocol. Map an IP (logical) address with a MAC (physical)
address.
DNS Domain name system. It is a naming system that helps us to resolve hostnames to IP
addresses.
CDP Cisco discovery protocol. Cisco proprietary protocol that shares information of
connected cisco devices.
STP Spanning-tree protocol. Prevents loops from being formed when switches are
interconnected via multiple paths.
HSRP Hot standby router protocol. Cisco proprietary protocol for redundancy in the default
gateway.
With all these basic concepts we can jump to identify the vulnerabilities related to these protocols in
the next stage.
Note: It is assumed that the reader has already knowledge of these protocols, thus, further explanation
is not needed.
3 Vulnerabilities
According to my experience and my research, many networks are susceptible to the following
vulnerabilities.
3.1 Physical access
If someone has physical access to the devices can simply plug a console or network cable to change
the configuration or launch an attack.
Assuming that all devices are in VLAN 1 (same broadcast domain) and a DHCP server is running, an
attacker can basically just plug a UTP cable to a port and get all the information needed via DHCP to
perform scanning and subsequently start an attack.
2
1 Introduction
When we talk about a network, basic devices that we have to talk about are routers, switches and
firewalls, these three devices are the base of any network. Therefore, an audit to those devices is
mandatory to verify correct configurations and precautions in order to avoid cyber-attacks.
Successfully attack or compromise a network is relatively easy to do it, all we need is an attacker
running a Pen testing Operating System like Kali Linux and access to the physical network. This tool
can easy take advantage of a security breach and deploy a Denial of Services or Man-In-The-Middle
attack.
Most of these vulnerabilities con be mitigating with security measures applied in the switches and in
the routers, for that reason, this report is focused basically on the switch and the router.
2 Today’s networks
Today’s networks run protocols that are needed for communication, like ARP, DNS; others that make
things easier for the management, like DHCP, CDP, Telnet; and others that help the network to have
redundancies in case of a failure in a link, like STP and HSRP. All these protocols can be susceptible
to attacks if do not take precautions while using them.
Source: cisco.com
1
, Technical Report
Next, we are going to explain the basic functionality of all these protocols:
DHCP Dynamic host configuration protocol. Assign IPs automatically to new hosts that
want to join to the network.
ARP Address resolution protocol. Map an IP (logical) address with a MAC (physical)
address.
DNS Domain name system. It is a naming system that helps us to resolve hostnames to IP
addresses.
CDP Cisco discovery protocol. Cisco proprietary protocol that shares information of
connected cisco devices.
STP Spanning-tree protocol. Prevents loops from being formed when switches are
interconnected via multiple paths.
HSRP Hot standby router protocol. Cisco proprietary protocol for redundancy in the default
gateway.
With all these basic concepts we can jump to identify the vulnerabilities related to these protocols in
the next stage.
Note: It is assumed that the reader has already knowledge of these protocols, thus, further explanation
is not needed.
3 Vulnerabilities
According to my experience and my research, many networks are susceptible to the following
vulnerabilities.
3.1 Physical access
If someone has physical access to the devices can simply plug a console or network cable to change
the configuration or launch an attack.
Assuming that all devices are in VLAN 1 (same broadcast domain) and a DHCP server is running, an
attacker can basically just plug a UTP cable to a port and get all the information needed via DHCP to
perform scanning and subsequently start an attack.
2
