Tag Archive | "STP manipulation"

Attack the STP manipulation


Attack, which I will talk about today is very dangerous because of its ability to sabotage the entire network in addition to the possibility of the attacker to eavesdrop on all what is happening in the network and I mean this not only Switch, who belongs to the attacker, but all Switchs on the network and can be called STP manipulation or
BPDU attack
Introduction to the Spanning Tree Protocol
As is well known for everybody that the Protocol to the STP plays a major role in the network to prevent differentiate between me the loop or Broadcast Storm is done by electing a switch to be one Root Bridge, and the choice as less Bridge ID on the network and then are selected ports that should work or depend on the Cost of appropriation or cost of access for the Root Bridge and all these things are made by me to differentiate between and BPDU course, this is known at all
How is this kind of attack?
Attack, like a simple idea and a very large impact is by sending a forged BPDU tells an attacker Switch, which is linked with the fact that it had lower Bridge ID on the network and that he should be is the Root Bridge
And thus will be re-distributed on each port Switch These are some pictures to simplify the issue
The first picture we see a normal distribution for the network and also believe that the care section A is the Root Bridge on the network and my own red lines of STP and see that the attacker is located on the device # 2 sends a BPDU to a false Switch

In the second picture you will see what will happen after the attacker to change the planned

Will notice that everything may change and become all Whitout that crosses over the network passes through the attacker and the person thus became the attack, which we have known me or MITM Man In The Middle
How can I protect networks from this type of attack?
Cisco suggests you 3 ways to protect against this attack, the first
BPDU Guard feature to tell them that the port does not receive any kind of messages in the BPDU port upon receipt of any BPDU will transfer the case errdisable port to any port will be closed completely
And the way the numbers are as follows:
Enter the first port on the security of others and write the following command
____________________________________________

Cisco’s IOS
Switch(config)#spanning-tree bpduguard enable

If you want to activate this feature on all ports that are in a state PortFast Type the following command at the Config mode
__________________________________________________
Switch(config)#spanning-tree portfast bpduguard default

BPDU Root in this property Tell Switch that this port will never be the Root Bridge, it goes through this

____________________________________________________
Switch(config-if)#spanning-tree guard root

BPDU Filtering this property is the same property of the very first and the only difference is that this property allows you to determine what you want the Port to do in case I receive the BPDU unlike the BPDU Guard, which would Closes the port directly and the way the numbers are as follows:
On port

_____________________________________
Switch(config-if)#spanning-tree bpdufilter enable

Switch(config)#spanning-tree portfast bpdufilter default

Posted in Cisco, Net SecurityComments (57)

Loading

Keep in Touch

  • Subscribe our Newsletter




  • Follow me on Twitter
    Facebook Google Yahoo XML
  • Seo Packages
    What is seo - seo tips