
© 2002, Cisco Systems, Inc. All rights reserved.
l2-security-bh.ppt
IP Telephony Considerations
• Most IP Telephony deployments use a distinct VLAN for voice vs. data traffic
  - Done because of QoS and security considerations
  - Voice VLAN is called an "auxiliary" VLAN and is set on the phone via a CDP message (trunking can still be disabled)
  - All mentioned attack mitigation features work fine except PVLANs and 802.1X, which do not yet support aux VLANs
  - IP Telephony currently does not support confidentiality. Use the techniques discussed in this presentation to mitigate the effects of tools like Vomit. http://vomit.xtdnet.nl
Tcpdump Output
04:16:06.652765 802.1Q vid 987 pri 0 1:0:c:cc:cc:cd > 0:8:e3:cf:1a:dd sap aa ui/C len=39
04:16:07.095781 0:8:e3:cf:1a:dd > 1:0:c:cc:cc:cd sap aa ui/C len=39
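An added example (not part of the original slides): a check that reads `tcpdump -e` lines in the format shown above, captured on a phone port with trunking disabled, and reports any 802.1Q tag other than the auxiliary VLAN. It assumes VLAN 987 from the capture is the auxiliary VLAN; the third sample line and the names `parse_frame` and `audit_tags` are constructed for illustration.

```python
import re

# Old-style `tcpdump -e` line as on the slide; the 802.1Q part is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:802\.1Q vid (?P<vid>\d+) pri (?P<pri>\d+)\s+)?"
    r"(?P<src>[0-9a-f:]+) > (?P<dst>[0-9a-f:]+)\s"
)

SAMPLE = [
    # The two lines from the slide's capture.
    "04:16:06.652765 802.1Q vid 987 pri 0 1:0:c:cc:cc:cd > 0:8:e3:cf:1a:dd sap aa ui/C len=39",
    "04:16:07.095781 0:8:e3:cf:1a:dd > 1:0:c:cc:cc:cd sap aa ui/C len=39",
    # Constructed line: a tag for a VLAN other than the assumed aux VLAN.
    "04:16:08.101234 802.1Q vid 10 pri 0 0:8:e3:cf:1a:dd > ff:ff:ff:ff:ff:ff sap aa ui/C len=39",
]

def parse_frame(line):
    """Return ts, VLAN id/priority (None if untagged), src and dst, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tagged = m.group("vid") is not None
    return {
        "ts": m.group("ts"),
        "vid": int(m.group("vid")) if tagged else None,
        "pri": int(m.group("pri")) if tagged else None,
        "src": m.group("src"),
        "dst": m.group("dst"),
    }

def audit_tags(lines, aux_vlan):
    """Count untagged and aux-VLAN frames; collect frames tagged for any other VLAN."""
    report = {"untagged": 0, "aux": 0, "unexpected": []}
    for line in lines:
        frame = parse_frame(line)
        if frame is None:
            continue  # not a frame line in the expected format
        if frame["vid"] is None:
            report["untagged"] += 1
        elif frame["vid"] == aux_vlan:
            report["aux"] += 1
        else:
            report["unexpected"].append(frame)
    return report

if __name__ == "__main__":
    print(audit_tags(SAMPLE, aux_vlan=987))
```

A non-empty `unexpected` list on a port where only the data VLAN (untagged) and the auxiliary VLAN should appear is worth investigating.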