PrepAway - Latest Free Exam Questions & Answers

Which procedure would best defend against this type of attack?

An attacker is launching a DoS attack with a public domain hacking tool that is used to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack?

A. Configure only trusted interfaces with root guard.

B. Implement private VLANs (PVLANs) to carry only user traffic.

C. Implement private VLANs (PVLANs) to carry only DHCP traffic.

D. Configure only untrusted interfaces with root guard.

E. Configure DHCP spoofing on all ports that connect untrusted clients.

F. Configure DHCP snooping only on ports that connect trusted DHCP servers.

Explanation:

Cisco Catalyst switches can use the DHCP snooping feature to help mitigate this type of attack. When DHCP snooping is enabled, switch ports are categorized as trusted or untrusted. Legitimate DHCP servers can be found on trusted ports, whereas all other hosts sit behind untrusted ports.

By default, all switch ports are assumed to be untrusted so that DHCP replies are not expected or permitted. Only trusted ports are allowed to send DHCP replies. Therefore, you should identify only the ports where known, trusted DHCP servers are located. You can do this with the following interface configuration command:

    Switch(config-if)# ip dhcp snooping trust
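
A fuller configuration around that command, as an added example that is not part of the original explanation. VLAN 10 and the interface names are assumptions, and the per-port rate limit on the untrusted ports goes beyond what the text above describes.

```cisco
! Constructed example: VLAN 10 and all interface names are assumptions.
! Enable DHCP snooping globally, then for the VLAN that carries clients.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Port facing the known DHCP server: mark it trusted so that
! DHCP replies arriving on it are accepted.
interface GigabitEthernet1/0/1
 description Link to DHCP server
 ip dhcp snooping trust
!
! Client-facing access ports are left untrusted (the default), so
! DHCP replies arriving on them are dropped. The rate limit caps how
! many DHCP packets per second each of these ports may send.
interface range GigabitEthernet1/0/2 - 24
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 10
!
! Verify from privileged EXEC mode:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

The two show commands list the trust state and rate limit of each port and the lease bindings the switch has learned on untrusted ports.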
