Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Summary

Conducting STP attacks is now within the reach of a wide population, thanks to the availability of point-and-shoot attacks tools, such as Yersinia. Elaborated two decades ago, the protocol didn't include security as a critical component of its design. This lack of consideration for security attracted hackers' attention all over the world, as recently shown at Black Hat Europe 2005, for example.5 The only vaguely reassuring fact is that, to perform an attack, a miscreant needs direct connectivity with the LAN infrastructure. Nonetheless, STP attacks are extremely disruptive because the protocol lays the foundation for most modern LANs. Attacks can cause traffic black holes, DoS attacks, excessive flooding, redirection of traffic to the hacker's computer, and more. Fortunately, simple features widely available on a range of switches, such as BPDU-guard, provide effective measures against spanning-tree–based exploits.

  • + Share This
  • 🔖 Save To Your Account