VoIP Hopper is a free, open-source, Unix/Linux-based security tool that rapidly runs a VLAN Hop into the Voice VLAN on specific Ethernet switches. VoIP Hopper mimics the behavior of an IP Phone, in both Cisco and Avaya IP Phone environments, to hop into the Voice VLAN. VoIP Hopper is both a VLAN Hop test tool and a tool to test VoIP infrastructure security.
Category: Security
How to prevent VLAN Hopping in Cisco Switches
Using VLAN hopping, a malicious user can easily gain access to data on another VLAN that he is not authorised to access. A VLAN Hopping attack can be launched by using Switch Spoofing or Double Tagging of the 802.1Q trunking protocol.
You can prevent VLAN Hopping in Cisco Switches as follows:
VLAN Hopping – Layer 2 Security exploit bypass Layer 3 security
VLAN Hopping is a Layer 2 security exploit by which a malicious user connected to a switchport assigned to one VLAN can hop onto and gain access to another VLAN that is otherwise not accessible. This exploit allows the malicious user to bypass the IP security implemented at Layer 3.
Set Login Restrictions to protect Cisco IOS Routers & Switches
While no security is foolproof, it is important that we do as much as we can to ensure maximum protection on our network devices like Routers and Switches. Cisco IOS has enhanced login restriction features which can control login attempts to it. These include a time delay between failed login attempts, a block period after a set of failed login attempts, and audit logs of successful and failed login attempts.
These login restrictions provide more control, make unauthorised access that much harder, and protect against dictionary-based DoS attacks.
How to configure Site-Site IPSec VPN in Cisco Routers (IOS)
A Virtual Private Network (VPN) is a network that uses a shared network infrastructure (the Internet) to allow secure access between two networks or to securely connect a remote user to his corporate network.
Let's look at how to configure a Site to Site VPN using a Pre-shared Key in Cisco Routers running Cisco IOS.
How to enable Path MTU Discovery in Juniper Netscreen Firewalls (ScreenOS)
If you have site to site IPSec VPNs configured between two networks with your Juniper Netscreen or SSG firewalls, and clients from one network access servers or services on the other network, then it is advisable to enable Path MTU Discovery support on the Juniper firewalls.
Juniper Netscreen or SSG firewalls running ScreenOS disable Path MTU Discovery support by default. This means that when an IP packet arrives at the VPN firewall with the DF bit set ("1") in the IP header and its size after IPSec encapsulation is more than the MTU of the Juniper VPN firewall, the firewall will ignore the "DF" bit, simply fragment the packet and forward it to the appropriate tunnel interface. This can cause serious problems with some applications. A classic example is Microsoft applications that rely on NetBIOS over TCP/IP, which prefer that packets not be fragmented (and hence set DF).
Yersinia – Free Network Testing tool for CDP, STP, VTP, DHCP, DTP, ISL, 802.1Q, 802.1X
Yersinia is a free network penetration testing tool used to test and analyse some of the most commonly used protocols on your network. Penetration testing tools of this kind provide deep insight into network security issues. Yersinia is a UNIX-based tool that works on Linux, Solaris 8, FreeBSD.
NOTE: The tool is described as a tool to perform network tests. Exercise responsible actions when performing tests, which includes obtaining permission from the responsible authorities. DO NOT USE THIS TOOL FOR ANY UNAUTHORISED HACKING PURPOSES.