1
00:00:00,470 --> 00:00:08,240
So here are the basic principles of switch ports: the ports of a switch are in dynamic desirable

2
00:00:08,240 --> 00:00:09,380
mode by default.

3
00:00:10,390 --> 00:00:13,120
If the device connected to the port is a computer,

4
00:00:14,110 --> 00:00:19,450
the mode of the port becomes access and the port is dedicated to that computer.

5
00:00:21,230 --> 00:00:25,430
If the device is another switch, the mode of the port becomes trunk.

6
00:00:26,660 --> 00:00:33,620
So by default, trunk ports have access to all the VLANs and pass traffic for multiple VLANs across

7
00:00:33,770 --> 00:00:36,530
the same physical link, generally between switches.

8
00:00:40,410 --> 00:00:47,670
So switch spoofing is a type of VLAN hopping attack that works by taking advantage of an incorrectly

9
00:00:47,670 --> 00:00:48,960
configured trunk port.

10
00:00:49,840 --> 00:00:56,380
In a switch spoofing attack, the network attacker configures a system to spoof itself as a switch.

11
00:00:58,160 --> 00:01:05,780
So this spoofing requires the network attacker be capable of emulating 802.1Q and DTP messages.

12
00:01:07,360 --> 00:01:11,590
By tricking a switch into thinking that another switch is attempting to form a trunk,

13
00:01:12,530 --> 00:01:17,750
an attacker can gain access to all the VLANs allowed on the trunk port.

14
00:01:18,960 --> 00:01:26,640
So the best way to prevent a basic switch spoofing attack is to turn off trunking on all ports except

15
00:01:26,640 --> 00:01:34,290
the ones that specifically require trunking. On the required trunking ports, disable DTP (Dynamic Trunking

16
00:01:34,290 --> 00:01:37,410
Protocol) and manually enable trunking.