Advanced AI Cyber Security

Encyclopedia /

What is a Spanning Tree Protocol Attack?

Different kinds of link layer network protocol are available today and that is designed for the main purpose of guaranteeing any of the bridged-LAN with a loop-free logical topology.

This network protocol is known to be as the spanning tree protocol or STP. And, according to the experts in this field, the fundamental role of the spanning tree protocol is to stop the occurrence of bridge loops and it also operates in developing a broadcast radiation.

A loop-free logical topology is produced because STP permits switching even though there are existing physical loops within the network.

Topology Root Bridge

The mechanism involved in the spanning tree protocol allows it to function by altering the switch ports so that it can block or forward various conditions in accordance to the kinds of segments they are linked with.

Spanning tree protocol involves three phases on how it generates its topology. Launching of a topology begins with selection of a root bridge. And then, one root port must be chosen for each of the non-root bridge.

Lastly, a designated port must also be picked with every network segment.

RAW configuration and transmission

Based on the reports made by security specialists, there are different types of attacks that directly target the spanning tree protocol.

The most commonly known STP attacks include sending of RAW configuration BDPU and transmission of RAQ TCN BDPU.

In addition, STP attacks also involve the denial-of-service or DOS transferring RAW configuration BDPU as well as denial-of-service attack that launch RAW TCN BDPU.

Three more assaults were noted by experts, which badly influences the spanning tree protocol, and these are claiming of the Root Role, other role, and the Root Role Dual-Home (MITM).

For every attack, there should always be an existing method so as to have even just a slight defense against it.

According to some written reports, there are currently three countermeasures on hand that can fight off the attacks on the STP.

Some of the key counter measures can be offered to most of today’s switches while the remaining depends more on a piece of hardware.

The three countermeasures are the following: BDPU filtering, BDPU guard, and Layer 2 PDU rate limiter.

Vulnerability Scanner - Vulnerability Management

wifi cracking

➤ Related pages
All Modules Included at 1 Price
Attack on Exchange Server?
Cross-site Request Forgery
Encyclopedia Part 2
Encyclopedia Part 3
Encyclopedia Part 4
Encyclopedia Part 5
Encyclopedia Part 6
Encyclopedia Part 7
Hyper V Virtual UTM Appliance
Security Point
VPN Firewall
WPA2 Encryption
What is ComboFix?
What is Denial-of Service Attack?
What is Diffie-Hellman Encryption?
What is Penetration Test?
What is Spanning Tree Protocol?
What is Tunneling Protocol?
What is War Dialing?
What is a 2.4 GHz Wi-Fi?
What is a Script Kiddie?
What is a Web Application Firewall?
What is an Elite Hacker?
What is the 5.8 GHz Wi-Fi?
WiFi Pen Test Appliance
Windows Operating System
SecPoint® Cyber Security