Switch MAC Flooding 공격 방어

******************************
 Switch MAC Flooding 공격 방어
******************************
! Switch설정하기
ASW(config)# int fa0/1
ASW(config-if)# switchport mode access
ASW(config-if)# switchport port-security violation protect
ASW(config-if)# switchport port-security maximun 3
ASW(config-if)# switchport port-security
ASW(config-if)# switchport port-security mac-address sticky

 

! Switch에서 특정 Interface 설정 확인하기
ASW# show running-config interface fastethernet 0/1
or
ASW#sh run int fa0/1
Building configuration...

Current configuration : 523 bytes
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000c.2933.a982
 switchport port-security mac-address sticky 000c.29a0.2c18
 switchport port-security mac-address sticky 0040.cac4.40ed
 switchport port-security mac-address sticky 6414.fa00.f02e
 switchport port-security mac-address sticky a232.684e.fff9
 no ip address
end

ASW#

 

! 동적 mac-address-table 보기
ASW# sh mac-a dynamic

! 정적 mac-address-table 보기
ASW# sh mac-a static

! Backtrack Live OS를 이용한 MAC Flooding 공격하기
Konsole 창에서
# while [ 1 ]
>do
>macof
>done