Scribd
Upload
40 views

Lab 2 - Data Link Layer Attacks and Mitigation Techniques-Task2

Uploaded by

Phạm Trọng Khanh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
40 views

Lab 2 - Data Link Layer Attacks and Mitigation Techniques-Task2

Uploaded by

Phạm Trọng Khanh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 13

CNBU203-Network Security

Lab 2: Data Link Layer Attacks and Mitigation Techniques

Ngoc-Tu Nguyen, PhD


[email protected]

09-2024 CNBU203-Network security Lab 2: 1


Outline
Objective:
• Implement various attacks on the Data Link Layer, including
MAC address spoofing, ARP poisoning, DHCP starvation, and
VLAN hopping.
• Demonstrate a Man-in-the-Middle (MITM) attack using ARP
poisoning.
• Explore sniffing and spoofing network traffic using Scapy.
• Learn how to protect against these attacks.

09-2024 CNBU203-Network security Lab 2: 2


Data Link Layer Attacks and Mitigation
Techniques
Lab Setup Requirements:
1.Software:
• Python3
• Scapy library (pip install scapy)
• macchanger for Linux-based MAC spoofing
• Wireshark or tcpdump for packet sniffing
2. Networking Environment:
• One Linux machine (for attack and monitoring).
• Two additional machines (or VMs) as the victim and the
gateway.
3. Permissions:
• Admin privileges on all machines.
• Ability to enable IP forwarding.

09-2024 CNBU203-Network security Lab 2: 3


Data Link Layer Attacks and Mitigation
Techniques
Lab Tasks
1. MAC Address Spoofing
2. MAC Flooding Attack
3. ARP Spoofing and Poisoning
4. DHCP Starvation with Rogue DHCP Server
5. VLAN Hopping Attack
6. Spanning Tree Protocol (STP) Attacks
7. Man-in-the-Middle (MITM) Attack using ARP Poisoning
8. Sniff-then-Spoof Traffic

09-2024 CNBU203-Network security Lab 2: 4


MAC Address Spoofing
Task 1. MAC Address Spoofing
• Objective: Spoof the MAC address to impersonate another device on the netw
• Tools: macchanger (Linux), PowerShell (Windows).
• Mitigation: Enable port security, use 802.1X authentication.

09-2024 CNBU203-Network security Lab 2: 5


MAC Address Spoofing
 MAC Spoofing on Linux

ifconfig -a # list the interfaces, may use: ip link show

sudo apt-get install macchanger

sudo ifconfig eth0 down # Bring the network interface down

sudo macchanger -r eth0 #To set a random MAC address

sudo macchanger -m 00:11:22:33:44:55 eth0 # Replace with your desired MAC address

sudo ifconfig eth0 up #Bring the interface back up

ifconfig eth0 # Verify the change

09-2024 CNBU203-Network security Lab 2: 6


MAC Address Spoofing
 MAC Spoofing on Linux

# Restore the default

sudo ifconfig eth0 down # Bring the network interface down

sudo macchanger -p eth0 # Restore

sudo ifconfig eth0 up #Bring the interface back up

ifconfig eth0 # Verify the change

09-2024 CNBU203-Network security Lab 2: 7


MAC Address Spoofing
 MAC Spoofing on Window (PowerShell)

Manually through Network Adapter Settings:


Step-by-Step Instructions:
1. Go to Control Panel > Network and Sharing Center > Change adapter settings.
2. Right-click on your active network interface and select Properties.
3. Click Configure, then go to the Advanced tab.
4. Find Network Address or Locally Administered Address.
5. Enter the desired MAC address (without dashes or colons).
6. Click OK and restart the network interface.

09-2024 CNBU203-Network security Lab 2: 8


MAC Address Spoofing
 MAC Spoofing on Window (PowerShell)
# List all network
Get-NetAdapter
# Now, set the MAC address
Set-NetAdapter -Name "Ethernet" -MacAddress "00-14-22-01-23-45“
# Verify the change
Get-NetAdapter -Name "Ethernet"

# Restore the default

Set-NetAdapter -Name "Ethernet" -MacAddress ""

09-2024 CNBU203-Network security Lab 2: 9


MAC Flooding Attack
Task 2. MAC Flooding Attack
• Objective: Overwhelm a network switch's CAM table by flooding it with
random MAC addresses, causing it to operate in "hub mode."
• Tools: macof (Linux), Scapy (Python script).
• Mitigation: Enable port security to limit MAC addresses on each port.

09-2024 CNBU203-Network security Lab 2: 10


MAC Flooding Attack
Task 2. MAC Flooding Attack (vswitch)
Get-WindowsFeature -Name Hyper-V # Check

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V –All #install

Restart-Computer

Import-Module Hyper-V

Get-Module -ListAvailable Hyper-V

Get-VMSwitch

Get-VMNetworkAdapter | Select VMName, MacAddress # List Network Adapters and MAC Addresses

Get-VMNetworkAdapter | Get-VMNetworkAdapterVlan

09-2024 CNBU203-Network security Lab 2: 11


MAC Flooding Attack
Task 2. MAC Flooding Attack
sudo apt-get install dsniff
sudo macof #flooding the switch with packet

09-2024 CNBU203-Network security Lab 2: 12


MAC Flooding Attack
Task 2. MAC Flooding Attack (Python)

09-2024 CNBU203-Network security Lab 2: 13

You might also like