DRAG DROP - Drag and drop the Cisco IOS attack mitigation features from the left onto the types of network attack they mitigate on the right. Select and Place:
Correct me if I'm wrong, but this answer doesn't look right to me at all. Shouldn't it be:
DHCP Snooping - Rogue server, Dynamic ARP Inspection - Cache poisoning, IP Source Guard - rogue clients, storm control - flood attacks
Agree with Anon1216, given answer is not correct.
DHCP snooping: a security technology on a Layer 2 network switch that can prevent unauthorized DHCP servers from accessing your network. It is a protection from the untrusted hosts that want to become DHCP servers.
-- rogue server that spoofs IP configuration
Dynamic ARP Inspection (DAI): helps prevent ARP cache poisoning attacks by validating ARP packets and ensuring they come from legitimate sources. (man-in-the-middle attack)
-- cache poisoning
IP source guard: only allows hosts whose IP address was assigned by the DHCP server (valid source); it relies on the information from the DHCP snooping database to do its work. Blocks all other traffic.
-- rogue clients on the network
Storm control: an excessive broadcast storm makes the network suffer badly. Storm control enables the switch to monitor traffic levels and to drop broadcast, multicast, and unknown unicast packets (when the storm control level is exceeded).
-- flood attacks
A rogue DHCP server is one that is not authorized to provide IP addresses to devices on your network. >>> prevented by DHCP snooping
A rogue client is an unauthorized device that has been found communicating and accessing an authorized network. >>> prevented by IP source guard
I agree with Anon
DHCP Snooping - Rogue server that spoofs ip config (rogue DHCP server)
Dynamic ARP Inspection - Cache poisoning (ARP cache poisoning)
storm control - flood attacks
IP Source Guard - rogue clients (IP Source Guard is configured separately but uses the DHCP snooping bindings table to detect a malicious IP/MAC combo)
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0110110.html#d351221e533a1635
given answers are incorrect
DHCP snooping == Rogue server that spoofs IP configuration
Dynamic ARP Inspection == Cache poisoning
IP Source Guard == Rogue clients on the network
Storm control == Flood attacks
agree with Anon
ip source = host
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0110110.html#d351221e533a1635
Typical Cisco question, I asked ChatGPT and this was the answer:
DHCP Snooping - Rogue clients on the network
Dynamic ARP Inspection - Rogue server that spoofs IP config
IP Source Guard - Cache poisoning
Storm Control - Flood attacks
I think you are correct. People are getting hung up on the "Rogue Server" and "spoofing IP configuration". It's extremely vague. Is it spoofing its own IP configuration (IP Source Guard) or is it a DHCP server sending out spoofed DHCP packets (DHCP Snooping)? Spoofing IP Configuration would be a very odd way of saying sending out fake DHCP. So I think it would be IP source guard. Another terribly worded Cisco question.
The previous answers are correct. You did have the correct documentation, but per Cisco the best practice is to set up DHCP snooping and trust just the DHCP server port, meaning you don't need to validate anything else that way with IP Source Guard. And you can have more than one rogue client on several ports; that's what you need to validate.
You can use IP source guard to prevent traffic attacks if a host tries to use the IP address of its neighbor and you can enable IP source guard when DHCP snooping is enabled on an untrusted interface....It filters traffic based on the DHCP snooping binding database and on manually configured IP source bindings...IPSG for static hosts allows IPSG to work without DHCP.
https://www.cisco.com/en/US/docs/switches/lan/catalyst3850/software/release/3.2_0_se/multibook/configuration_guide/b_consolidated_config_guide_3850_chapter_0110110.html#:~:text=You can use IP source,enabled on an untrusted interface.
A server will typically be statically configured. In other words typically configured to not receive an ip address from the DHCP server. DHCP snooping would only be aware of the DHCP assigned ip addresses so that is why we need something that can work with manually configured (static) ip addresses. This brings up the question as to why they would have a server on an untrusted port, as ip source guard only can be configured on untrusted ports. The alternative question is, if the rogue server is connected to another port (not the same one as the original it is trying to spoof) why would they have IPSG configured on the other untrusted ports?
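How the four features discussed in this thread make their forwarding decisions, as an added Python sketch that is not part of the original thread and is not Cisco code. The `Switch` class, port names, MAC/IP values and the per-interval broadcast budget are constructed for illustration, and IP Source Guard is modelled in source-IP-only filtering.

```python
from dataclasses import dataclass, field
SERVER_MSGS = {"OFFER", "ACK", "NAK"}              # DHCP messages only a server sends

@dataclass
class Switch:                                      # hypothetical toy model of an access switch
    trusted: set                                   # ports facing the legitimate DHCP server
    storm_limit: int = 3                           # constructed broadcast budget per interval
    pending: dict = field(default_factory=dict)    # client MAC -> port its REQUEST came in on
    bindings: dict = field(default_factory=dict)   # port -> (MAC, IP): the snooping table
    bcast: dict = field(default_factory=dict)      # port -> broadcasts seen this interval

    def dhcp(self, port, msg, mac, ip=None):
        # DHCP snooping: server replies are accepted on trusted ports only.
        if msg in SERVER_MSGS and port not in self.trusted:
            return "drop: DHCP snooping"
        if msg == "REQUEST":
            self.pending[mac] = port
        elif msg == "ACK" and mac in self.pending:
            self.bindings[self.pending.pop(mac)] = (mac, ip)   # lease recorded per port
        return "forward"

    def arp(self, port, sender_mac, sender_ip):
        # DAI: on untrusted ports the ARP sender MAC/IP must match the port's binding.
        ok = port in self.trusted or self.bindings.get(port) == (sender_mac, sender_ip)
        return "forward" if ok else "drop: DAI"

    def ip_packet(self, port, src_ip):
        # IPSG: on untrusted ports the source IP must be the one bound to the port.
        ok = port in self.trusted or self.bindings.get(port, (None, None))[1] == src_ip
        return "forward" if ok else "drop: IPSG"

    def broadcast(self, port):
        # Storm control: drop broadcasts once the port exceeds its budget.
        self.bcast[port] = self.bcast.get(port, 0) + 1
        return "forward" if self.bcast[port] <= self.storm_limit else "drop: storm control"

def demo():
    sw = Switch(trusted={"Gi1/0/1"})               # constructed scenario
    sw.dhcp("Gi1/0/5", "REQUEST", "aa:aa")
    return {
        "legit_ack": sw.dhcp("Gi1/0/1", "ACK", "aa:aa", "10.0.0.5"),
        "rogue_offer": sw.dhcp("Gi1/0/9", "OFFER", "aa:aa", "10.6.6.6"),
        "arp_ok": sw.arp("Gi1/0/5", "aa:aa", "10.0.0.5"),
        "arp_spoof": sw.arp("Gi1/0/9", "bb:bb", "10.0.0.1"),
        "ip_ok": sw.ip_packet("Gi1/0/5", "10.0.0.5"),
        "ip_spoof": sw.ip_packet("Gi1/0/9", "10.0.0.5"),
        "fourth_broadcast": [sw.broadcast("Gi1/0/9") for _ in range(4)][-1],
    }
if __name__ == "__main__": print(demo())
```

Both DAI and IPSG read the same binding table that DHCP snooping builds, which is why neither can validate a DHCP client until snooping has recorded its lease.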