You are here: Encyclopedia > What is a Spanning Tree Protocol Attack?

What is a Spanning Tree Protocol Attack?

Different kinds of link layer network protocol exist today and one of which is designed for the main purpose of guaranteeing any of the bridged-LAN with a loop-free logical topology. This network protocol is known to be as the spanning tree protocol or STP.

And, according to the experts in this field, the fundamental role of the spanning tree protocol is to stop the occurrence of bridge loops and it also operates in developing a broadcast radiation. A loop-free logical topology is produced because STP permits switching even though there are existing physical loops within the network.

The mechanism involved in the spanning tree protocol allows it to function by altering the switch ports so that it can block or forward various conditions in accordance to the kinds of segments they are linked with. Spanning tree protocol involves three phases on how it generates its topology. Launching of a topology begins with selection of a root bridge. And then, one root port must be chosen for each of the non-root bridge. Lastly, a designated port must also be picked with every network segment.

Based on the reports made by security specialists, there are different types of attacks that directly target the spanning tree protocol. The most commonly known STP attacks include sending of RAW configuration BDPU and transmission of RAQ TCN BDPU. In addition, STP attacks also involve the denial-of-service or DOS transferring RAW configuration BDPU as well as denial-of-service attack that launch RAW TCN BDPU. Three more assaults were noted by experts, which badly influences the spanning tree protocol, and these are claiming of the Root Role, other role, and the Root Role Dual-Home (MITM).

For every attack, there should always be an existing method so as to have even just a slight defense against it. According to some written reports, there are currently three countermeasures on hand that can fight off the attacks on the STP. Two of these countermeasures are offered to most of today’s switches while the remaining depends more on a piece of hardware. The three countermeasures are the following: BDPU filtering, BDPU guard, and Layer 2 PDU rate limiter.

Related pages

All Modules Included at 1 Price
Control both Incoming and Outgoing Scanning
Cross-site Request Forgery
Encyclopedia Part 2
Encyclopedia Part 3
Encyclopedia Part 4
Encyclopedia Part 5
Encyclopedia Part 6
Encyclopedia Part 7
Full Mail Archiver
Hyper V Virtual UTM Appliance
Sec-Point
Security Point
VPN Firewall
What is a 2.4 GHz Wi-Fi?
What is a Script Kiddie?
What is a Spanning Tree Protocol Attack?
What is a web application firewall?
What is an Elite Hacker?
What is ComboFix?
What is Denial-of Service Attack?
What is Diffie-Hellman Encryption?
What is ISSAP?
What is ISSMP?
What is Penetration Test?
What is RC4 Encryption?
What is the 5.8 GHz Wi-Fi?
What is the mail service attack on Microsoft Exchange Server?
What is Tunneling Protocol?
What is War Dialing?
Wifi Defender
WiFi Pen Test Appliance
Windows Operating System - Password Attacks
WPA2 Encryption

Want to be Contacted?

Click here to Get Contacted

Free Services

Free Wi-Fi Top 15 Security Tips
Free Vulnerability Scan

SecPoint News

� Meet SecPoint at Internet Discovery Day Malmo 2013
Come and meet SecPoint at Internet Discovery Day Malmo - Thursday 23 May - 15.00...
Monday May 20, 2013
View more news..

Awards & Reviews

View more awards..

	Free Services
Free Wi-Fi Top 15 Security Tips Free Vulnerability Scan

	SecPoint News
� Meet SecPoint at Internet Discovery Day Malmo 2013 Come and meet SecPoint at Internet Discovery Day Malmo - Thursday 23 May - 15.00... *Monday May 20, 2013* View more news..