LAN Switch Security: What Hackers Know About Your Switches
by Eric Vyncke and Christopher Paggen
“Should be required reading for Pentesters”LAN Switch Security provides enough information to leverage the most common layer 2 attacks a pentester would be interested in; MAC Flooding, VLAN Hopping, DTP attacks, and CDP Snarfing along with plenty of switching protocol details for the Cisco ninja wannabe.
With the exception of the white paper for the tool Yersinia there isn't much in the way of resources out there for conducting Layer 2 attacks and certainly nothing written to the technical level of LSS.
The discussion of Layer 2 attacks in the first few chapters of this book are excellent and easily worth the price of the book especially if you are responsible for securing switches or just breaking into and abusing them. Chapter 4's (“Are VLANS Safe?”) discussion on Dynamic Trunking Protocol is probably the most valuable for pentesters. The chapter covers using Yersinia to (hopefully) turn the port the attacker is connected to into a trunk port. This enables the attacker to see all traffic on all VLANS (pretty handy). In addition to exceptional background material on switching protocols and information on breaking the different switching protocols the book gives us quality information on securing those same protocols to include a good chunk of the IOS commands to implement the recommended changes.
-All the chapters using Yersinia for attacks and the overview of Yersinia
-The structure (Technology Overview, Discussion of the Vulnerability, Remediation) of each chapter works well
-Plenty of Cisco IOS command line specifics to get the job done
-Really good overviews of the switching protocols, how to break them, and how to secure them
-Discussion of data planes and control planes
-Check out the cons of Richard Bejtlich & Stephen Northcutt...all valid
-No discussion of minimum lab requirements to set up a lab to reproduce the attacks
-I lost interest from part II onward, probably because most of the attacks don't give you much (if any) in the way of privileges and it got fairly deep into switching protocols I don't usually deal with and the book seems to drift. I'm not sure what happened but the book doesn't end as strong as it begins.
-Some repeating of material in different chapters
I gave the book 4 stars mostly due to editing issues, lack of lab guidance to reproduce the attacks,and the fact that I lost interest in the book toward the end. Even though I lost interest toward the end I still recommend this book for anyone interested in breaking Layer 2 or securing it.
Yersinia article from hakin9 magazine (sorry couldnt find the full one, this link is for pay after the first page)