# Networks Security
{% hint style="info" %}
**On Cisco Equipments.**
{% endhint %}
## Cam OverFlow - Protection
{% hint style="info" %}
The actual way to prevent a CAM table overflow attack is to instruct each port that there's a limit to how many MAC addresses it can have, and that's done with **port security**.
{% endhint %}
**On Switches :**
```
S1#configure terminal
S1(config)#int range f0/1 - 24
S1(config-if)#no shut
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security maximum 5
S1(config-if)#switchport port-security
S1(config-if)#do show port-security
exit
```
**If an attack occurs**, on the switch do :
```
show port-security
show inter status err-disabled
```
## DHCP Starvation - Protection
## Protection
**Limit rate** on every interfaces :
**Results :**
### Wireshark
## CDP Flooding - Protection
**On Switches :**
```
S1(config-if)# no cdp run
S1# sh cdp interface int
S1# show cdp neighbors
```
Disable on all ports except the one connected to R1.
### Why did Cisco create CDP ?
*Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol designed to facilitate the network management of Cisco devices by discovering hardware and protocol information about neighboring devices. By using CDP, Network Engineers can gather information about neighboring network devices, determining the type of hardware or equipment, software version, active interfaces the device is using (whether physical or VLAN), how they are configured, and other useful information. That is quite a bit of information, and this is useful for troubleshooting and documenting the network.*
## TCP Syn Flood - Protection
{% embed url="" %}
{% embed url="" %}
### TCP Intercept
**Steps on the switch**
```
enable
configure terminal
access-list access-list-number {deny | permit | remark} {host-ip-address | any | host}
ip tcp intercept list access-list-number
ip tcp intercept mode {intercept | watch}
ip tcp intercept drop-mode {oldest | random}
ip tcp intercept watch-timeout seconds
ip tcp intercept finrst-timeout seconds
ip tcp intercept connection-timeout seconds
ip tcp intercept max-incomplete low number high number
ip tcp intercept one-minute low number high number
exit
show tcp intercept connections
show tcp intercept statistics
```
## OSPF - Protection
**On routers,** setting up **authentication** process :
```
R1(config)# router ospf 1
R1(config-router)# area 0 authentication message-digest
R1(config-router)# exit
R1(config)# int g1/0
R1(config-if)# ip ospf message-digest-key 1 md5 passworD
R1(config-if)# int s0/1/1
R1(config-if)# ip ospf message-digest-key 1 md5 passworD
```
During the attack :
## ARP Spoofing - Protection
**On Switches** : DHCP snooping & rate limit.
## VLAN Hopping - Protection
### Verification
During an attack :
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://book.redsquad.xyz/blue-team/networks-security.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.