SecPoint - Best IT Security
The best Innovative and powerful IT Security products


What is a Spanning Tree Protocol Attack?

Several link-layer network protocols exist today, and one of them is designed specifically to guarantee a loop-free logical topology for any bridged LAN. This protocol is known as the Spanning Tree Protocol, or STP.
According to experts in this field, the fundamental role of the Spanning Tree Protocol is to prevent bridge loops and the broadcast radiation that results from them. STP produces a loop-free logical topology, which permits switching even when physical loops exist within the network.

Topology Root Bridge

The Spanning Tree Protocol works by changing the state of switch ports so that they either block or forward traffic, depending on the kind of segment they are linked to. It generates its topology in three phases. First, a root bridge is selected. Then one root port is chosen on each non-root bridge. Lastly, a designated port is picked for every network segment.

RAW configuration and transmission

According to reports by security specialists, several types of attack directly target the Spanning Tree Protocol. The most commonly known STP attacks are sending a RAW configuration BPDU and sending a RAW TCN BPDU. STP attacks also include a denial-of-service (DoS) attack that sends RAW configuration BPDUs and a DoS attack that sends RAW TCN BPDUs. Experts have noted three more attacks that badly affect the Spanning Tree Protocol: claiming the Root Role, claiming another role, and claiming the Root Role Dual-Home (MITM).
Every attack calls for some method of defense, however slight. According to some written reports, three countermeasures are currently available against attacks on STP. Two of them are offered on most of today's switches, while the third depends more on a piece of hardware. The three countermeasures are BPDU filtering, BPDU guard, and a Layer 2 PDU rate limiter.
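The checks that BPDU guard and a Layer 2 PDU rate limiter perform can be modelled in a few lines. The following is an added example, not code from the original page or from any switch vendor: it decodes 802.1D configuration and TCN BPDUs and flags a BPDU on a host-facing port, a root claim better than the known root, and a per-port BPDU rate above a limit. The `StpMonitor` class, the alert names, the port names and the sample payloads are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

# Constructed sample payloads (bytes after the LLC header 42 42 03), not captures.
LEGIT = bytes.fromhex("0000000000" "8000001122334455" "00000000"
                      "8000001122334455" "8001" "0000140002000f00")
CLAIM = bytes.fromhex("0000000000" "0000000000000001" "00000000"
                      "0000000000000001" "8001" "0000140002000f00")
TCN = bytes.fromhex("00000080")

def parse_bpdu(payload):
    """Decode an 802.1D configuration or TCN BPDU into a dict."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU")
    proto, _version, btype = struct.unpack_from("!HBB", payload)
    if proto != 0:
        raise ValueError("not a spanning tree BPDU")
    if btype == 0x80:                       # topology change notification
        return {"type": "tcn"}
    if btype != 0x00 or len(payload) < 35:  # a configuration BPDU is 35 bytes
        raise ValueError("unsupported or truncated BPDU")
    _flags, rprio, rmac, cost, bprio, bmac = struct.unpack_from("!BH6sIH6s", payload, 4)
    return {"type": "config", "root": (rprio, rmac), "bridge": (bprio, bmac), "cost": cost}

class StpMonitor:
    """Hypothetical monitor: flags what BPDU guard and a rate limiter would act on."""
    def __init__(self, root, edge_ports, max_per_sec=10):
        self.root, self.edge_ports, self.max_per_sec = root, set(edge_ports), max_per_sec
        self.recent = defaultdict(deque)    # port -> timestamps within the last second

    def observe(self, port, ts, payload):
        bpdu, alerts = parse_bpdu(payload), []
        if port in self.edge_ports:         # host-facing ports should never see BPDUs
            alerts.append("bpdu-on-edge-port")
        # Lower (priority, MAC) wins the root election, so "<" means a better claim.
        if bpdu["type"] == "config" and bpdu["root"] < self.root:
            alerts.append("superior-root-claim")
        window = self.recent[port]
        window.append(ts)
        while ts - window[0] >= 1.0:        # drop timestamps older than one second
            window.popleft()
        if len(window) > self.max_per_sec:
            alerts.append("rate-exceeded")
        return alerts

if __name__ == "__main__":
    mon = StpMonitor((0x8000, bytes.fromhex("001122334455")), {"Gi0/5"}, max_per_sec=3)
    print(mon.observe("Gi0/1", 0.0, LEGIT))
    print(mon.observe("Gi0/5", 0.1, CLAIM))
    print([mon.observe("Gi0/2", 1.0 + i / 100, TCN) for i in range(4)][-1])
```

On a real switch, BPDU guard reacts to the first condition by disabling the port, which is why it also stops the root claim arriving on that port.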