Flooding attacks targeting server devices typically originate from outside the network. Unfortunately, this does not mean that attacks cannot come from within, or even from both directions simultaneously. Local attacks are always more dangerous because they indicate that someone has already breached or bypassed a security perimeter. In such cases, the best solution is to have another network device intercept the offensive before it reaches the router. Techson Layer 2 managed switches are also capable of providing such effective protection.
This type of internal malicious activity is called a man-in-the-middle attack.
It is common for open and inadequately protected guest Wi-Fi or open ports on network devices to provide an opportunity for such acts to be committed.
What happens exactly?
Popular services such as CDP (Cisco Discovery Protocol), MNDP (MikroTik Neighbor Discovery protocol) can be leveraged. Routers that support one of these protocols may be at risk.
During the attack, the hacker floods the router with a large number of spoofed MAC addresses, which in a very short time prevents it from receiving and processing more information, causing it to become overwhelmed. The visible consequence of this is a drastic slowdown of the network or the continuous restarting of the device. If access to the server’s management interface is gained, the full utilization of both the CPU and memory will be evident there as well.
Another type of this flooding attack occurs when the hacker targets the DHCP server, which is known as DHCP starvation.
The principle is the same as in the previous attack form; they achieve the device's removal from the network by spoofing MAC addresses. Using spoofed MAC addresses, they obtain IP addresses from the DHCP server, which fulfills these requests, offering a unique IP address for each request. In this case, the hacker does not accept any of the provided IP addresses but instead demands more, which the server attempts to fulfill repeatedly.
As soon as the free addresses in the IP pool are exhausted, the router begins to slow down. Since requests are continuously coming in, the device also becomes overwhelmed and will not be able to provide a new IP address to the client that actually needs it. At this point, the network collapses: first, the internet access stops, and then the network connections begin to fail. The router becomes unusable and then restarts, but to no avail, as the attack does not cease. All of this happens in a fraction of a second, and with this overwhelming force, the attacker is bound to succeed.
What is the solution?
It's simpler than you think: the switch will stop the attackers! The managed Techson switches have the capability to protect the router as a digital shield. This feature is called the MAC address limit. You need to specify how many MAC addresses the switch can learn and store per port. The port where the router and switch connect to each other is not set with a limit; however, all other ports are. With this simple method, both attacks can be stopped, and the switch's MAC address table will not be filled with fake entries.
Remember!
The protection consists of multiple devices that work together as a group to provide security! Protect your network from internal attacks as well, not just external ones!
