Hi, I think the key here is to explain how both mechanisms work in preventing DHCP starvation. For the OEQs, its key to show that you understand the technologies.
If the proctor is convinced, you get the points, if (s)he isn't, you don't. HTH, On 2/20/11, Jerome Dolphin <[email protected]> wrote: > I'm not sure if you deliberately used the word "best" in your initial > question ? > > Port-sec is the best, but DHCP snooping also plays a part, it covers a > corner case where the attacker uses the same Ethernet source MAC but changes > the CHADDR address in the DHCP request. I think I might be remembering that > from the Yusuf flash cards... > > Cheers ! > > > On Sun, Feb 20, 2011 at 4:40 AM, Pemasiri Devanarayana > <[email protected]>wrote: > >> Thanks Tyson for your response.. >> >> >> On Sat, Feb 19, 2011 at 7:29 PM, Tyson Scott <[email protected]> wrote: >> >>> port security >>> >>> >>> >>> Regards, >>> >>> >>> >>> Tyson Scott - CCIE #13513 R&S, Security, and SP >>> Managing Partner / Sr. Instructor - IPexpert, Inc. >>> Mailto: [email protected] >>> Telephone: +1.810.326.1444, ext. 208 >>> Live Assistance, Please visit: www.ipexpert.com/chat >>> eFax: +1.810.454.0130 >>> >>> >>> >>> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, >>> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco >>> CCIE (R&S, Voice, Security & Service Provider) certification(s) with >>> training locations throughout the United States, Europe, South Asia and >>> Australia. Be sure to visit our online communities at >>> www.ipexpert.com/communities and our public website at www.ipexpert.com >>> >>> >>> >>> *From:* [email protected] [mailto: >>> [email protected]] *On Behalf Of *Pemasiri >>> Devanarayana >>> *Sent:* Saturday, February 19, 2011 4:39 AM >>> *To:* [email protected] >>> *Subject:* [OSL | CCIE_Security] DHCP Starvation attack - OEQ >>> >>> >>> >>> Hi, >>> >>> Can some one clarify that which mitigation solution is best for >>> DHCP starvation attack.. >>> >>> >>> >>> - Port security or the DHCP snooping....? >>> >>> >>> >>> thanks >>> >>> >>> >>> >>> >>> >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> > -- Best Regards, Tolulope. _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
