MAC Table Overflow: Flooding a switch's MAC (CAM) table with frames carrying fake source addresses until it is full, so the switch can no longer learn legitimate addresses and floods frames out all ports like a hub.
Port Security: Prevent MAC table attacks by limiting the number of MAC addresses allowed on a port and using static or sticky MAC address assignments.
VLAN Hopping:
VLAN Hopping Attack: Involves exploiting a switch’s default configuration to create trunk links with unauthorized devices, enabling attackers to access multiple VLANs.
Prevention: Disable DTP (Dynamic Trunking Protocol) on non-trunking ports and set the native VLAN to something other than VLAN 1.
Private VLANs (PVLANs):
Provide isolation between ports within the same VLAN. This prevents one device from sniffing traffic on another device's port within the same broadcast domain.
PVLAN Edge Feature: Ensures no Layer 2 communication between protected ports on the same switch.
Mitigating DHCP Attacks:
DHCP Starvation: Attackers send a flood of DHCP requests to exhaust the DHCP server’s pool of IP addresses.
Mitigation: Use DHCP snooping to validate DHCP messages and block untrusted DHCP servers from assigning IPs.
DHCP Spoofing: A rogue DHCP server assigns incorrect IP addresses to clients.
Mitigation: Use DHCP snooping to trust only authorized DHCP servers and limit the rate of DHCP discovery messages on untrusted ports.
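A Cisco IOS configuration that applies the mitigations listed above (port security, DTP disabled, non-default native VLAN, PVLAN edge, DHCP snooping) to one access port and one uplink. This is an added example, not configuration taken from the page; the interface names, VLAN numbers and thresholds are assumptions.

```cisco
! Global: enable DHCP snooping and bind it to the user VLANs (assumed 10 and 20)
ip dhcp snooping
ip dhcp snooping vlan 10,20
! Do not insert Option 82 unless the DHCP server expects it
no ip dhcp snooping information option

! Bring a port back automatically 5 minutes after a port-security violation
errdisable recovery cause psecure-violation
errdisable recovery interval 300

! Access port for an end host (assumed interface name)
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 ! Stop DTP frames so this port can never be negotiated into a trunk
 switchport nonegotiate
 ! Port security: at most 2 MACs, learned dynamically and kept as sticky entries;
 ! extra addresses are dropped and counted instead of err-disabling the port
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 ! PVLAN edge: no Layer 2 traffic between protected ports on this switch
 switchport protected
 ! Untrusted for DHCP snooping (the default): server replies are dropped here
 ! and client DHCP messages are limited to 10 per second
 ip dhcp snooping limit rate 10
 spanning-tree portfast

! Uplink towards the DHCP server / distribution switch (assumed interface name)
interface GigabitEthernet0/24
 switchport mode trunk
 ! Native VLAN moved off VLAN 1; VLAN 999 is assumed to carry no user traffic
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
 ! Only this port may forward DHCP server messages (OFFER/ACK) into the VLANs
 ip dhcp snooping trust

! Verification from privileged EXEC mode
show port-security interface GigabitEthernet0/1
show ip dhcp snooping binding
show interfaces trunk
```

`show port-security interface` reports the violation count and the sticky addresses learned, and `show ip dhcp snooping binding` lists the client leases the switch will accept from the uplink.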