This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SERIOUS SECURITY LAPSE IN EXTREME SUMMIT SWITCHES. MANINMIDDLE ATTACK, GATEWAY SPOOFING.

SERIOUS SECURITY LAPSE IN EXTREME SUMMIT SWITCHES. MANINMIDDLE ATTACK, GATEWAY SPOOFING.

Anonymous
Not applicable

‎06-26-2014 08:46 AM

SERIOUS SECURITY LAPSE IN EXTREME SUMMIT SWITCHES. We have a Summit X450e-48p switch, in which we have created a Vlan that is acting as a gateway for the hosts. The switch is configured to forward the traffic to the router (internet). However this has caused a serious security issue which is as follows. A host has entered the IP address of the gateway and is getting all the traffic routed through his host machine to the router. Is there any way to stop such a situation, I think its called gateway spoofing. note: The IPs are being assigned manually to the host machines (no dhcp). Please help!!!!!!

also note:
1.)also note there is no way to make a policy (egress) to stop this.
2.)there no way to bind ip address to a port.

0 Kudos
3 REPLIES 3

Sumit_Tokle
Contributor

‎06-26-2014 02:34 PM

Ashish,

If you know any other security methods that is supported by other vendor(L3 switch) then Let us know If there is any similar way thern I could guide your on Extreme Devices.

Sumit

0 Kudos

Jason_Parker
Contributor

‎06-26-2014 12:41 PM

Ashish

I can look into this and maybe put some commands together with the folowing idea.

I think using DHCPSnooping/ArpInspection may be the way to go.
Making your up link ports facing the DHCP server as trusted ports as well as "AP" ports
if you are bridging traffic locally on the AP's

Does this sound like something that you would like to try?

Someone may provide this information to you before I put it together.

you may need to create a case and have someone review your configuration just to make sure this is something that will not cause any issues

Jason

0 Kudos

Paul_Russo
Extreme Employee

‎06-26-2014 10:14 AM

Hello Ashish

This sounds like a man in the middle attack. Please look at the concepts guide for 15.4 page 879

From the guide:
To protect against this type of attack, the router sends out its own gratuitous ARP request to override
the attacker whenever a gratuitous ARP request broadcast packet with the router's IP address as the
source is received on the network.
If you enable both DHCP secured ARP and gratuitous ARP protection, the switch protects its own IP
address and those of the hosts that appear as secure entries in the ARP table.

Since you are statically assigned IP addresses that makes it harder to protect against this attack as the switch cant use DHCP snooping, Trusted DHCP server or DHCP secured ARP whichhelps to prevent people setting static addresses on the network.

Enabling Gratuitous ARP protection and CPU DoS Protection will help.

Thanks
P

0 Kudos
GTM-P2G8KFN