Spanning-Tree Protocol Vulnerabilities

Another attack against switches intercepts traffic by abusing the Spanning-Tree Protocol (STP). STP is used in switched networks to prevent bridging loops in an Ethernet topology that contains redundant links. When the switches boot, they exchange Bridge Protocol Data Units (BPDUs) to compute a loop-free topology: they elect one switch as the root bridge (the switch with the numerically lowest bridge ID, which is the configured priority followed by the switch's MAC address) and place the ports on all other redundant paths into the blocking state.

By attacking STP, the network attacker hopes to have his or her own system elected as the root bridge of the topology. To do this, the attacker sends STP Configuration and Topology Change BPDUs (to the STP multicast address 01:80:C2:00:00:00, the same destination real switches use) in an attempt to force spanning-tree recalculations. The spoofed BPDUs announce a bridge ID that is lower than that of the real root bridge, and because STP prefers the lowest bridge ID, the switches accept the attacker as the new root. If successful, the attacker sees every frame that the switches now forward across the attacking host. Figure illustrates how a network attacker can use STP to change the topology of a network so that the attacking host appears to be the root bridge with the best (lowest) priority. By transmitting spoofed BPDUs, the attacker causes the switches to initiate spanning-tree recalculations; once the attacking system has become the root bridge, the two switches forward frames between each other through it. Switch features such as BPDU Guard (which shuts down an access port that receives any BPDU) and Root Guard (which refuses a superior BPDU on a port that should never face the root) are the standard defenses against this attack.
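The root election and the spoofed BPDU described above, as an added example that is not part of the original page or its figure. The code encodes and decodes an IEEE 802.1D Configuration BPDU with the standard library only, shows that a bridge advertising priority 0 outranks two legitimate switches at the default priority 32768, and models (in simplified form) how BPDU Guard and Root Guard would react to the rogue BPDU. All bridge priorities, MAC addresses, port IDs and the helper names are constructed for illustration and are not taken from the page.

```python
import struct

# 802.1D Configuration BPDU layout (35 bytes, big-endian):
#   protocol id (2) | version (1) | type (1) | flags (1) | root id (8) |
#   root path cost (4) | bridge id (8) | port id (2) | message age (2) |
#   max age (2) | hello time (2) | forward delay (2)
_BPDU_FMT = "!HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(_BPDU_FMT)   # 35
CONFIG_BPDU_TYPE = 0x00
STP_MULTICAST_MAC = "01:80:c2:00:00:00"   # destination of every STP BPDU


def bridge_id(priority: int, mac: str) -> bytes:
    """2-byte priority followed by the 6-byte MAC. STP treats the 8 bytes as
    one unsigned number, and the numerically LOWEST value wins the election."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority out of range")
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", ""))


def elect_root(ids):
    """Byte-wise comparison of fixed-length big-endian fields equals unsigned
    numeric comparison, so min() picks the root bridge."""
    return min(ids)


def build_config_bpdu(root_id, root_path_cost, sender_id, port_id, flags=0,
                      message_age=0, max_age=20, hello_time=2, forward_delay=15):
    """Encode a Configuration BPDU. Timer fields are carried in 1/256-second units."""
    return struct.pack(_BPDU_FMT, 0x0000, 0x00, CONFIG_BPDU_TYPE, flags,
                       root_id, root_path_cost, sender_id, port_id,
                       message_age * 256, max_age * 256,
                       hello_time * 256, forward_delay * 256)


def parse_config_bpdu(data):
    """Decode a Configuration BPDU; rejects other protocol IDs and BPDU types."""
    if len(data) < BPDU_LEN:
        raise ValueError("short BPDU")
    (proto, ver, btype, flags, root_id, cost, sender_id, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack(_BPDU_FMT, data[:BPDU_LEN])
    if proto != 0 or btype != CONFIG_BPDU_TYPE:
        raise ValueError("not an 802.1D configuration BPDU")
    return {"version": ver, "flags": flags, "root_id": root_id,
            "root_path_cost": cost, "bridge_id": sender_id, "port_id": port_id,
            "message_age": msg_age / 256, "max_age": max_age / 256,
            "hello_time": hello / 256, "forward_delay": fwd / 256}


def is_superior_root_claim(bpdu_bytes, current_root_id):
    """True when the BPDU advertises a root ID better (lower) than the root we know."""
    return parse_config_bpdu(bpdu_bytes)["root_id"] < current_root_id


def port_guard_action(bpdu_bytes, current_root_id, port_kind):
    """Simplified model of the two switch defenses (assumption: real switches
    implement more states than this):
      - an edge port with BPDU Guard err-disables on ANY BPDU;
      - a designated port with Root Guard goes root-inconsistent on a superior BPDU;
      - otherwise the BPDU is processed normally."""
    if port_kind == "edge-bpduguard":
        return "err-disable"
    if port_kind == "designated-rootguard" and is_superior_root_claim(bpdu_bytes, current_root_id):
        return "root-inconsistent"
    return "accept"


# Constructed topology: two switches at default priority 32768, attacker at 0.
LEGIT_ROOT = bridge_id(32768, "00:1a:2b:3c:4d:01")
SWITCH_B = bridge_id(32768, "00:1a:2b:3c:4d:02")
ATTACKER = bridge_id(0, "00:0c:29:aa:bb:cc")


def rogue_bpdu():
    """The BPDU the attacker sends: it claims to be the root itself, at cost 0."""
    return build_config_bpdu(ATTACKER, 0, ATTACKER, 0x8001)


if __name__ == "__main__":
    print("root before attack:", elect_root([LEGIT_ROOT, SWITCH_B]).hex())
    print("root after attack: ", elect_root([LEGIT_ROOT, SWITCH_B, ATTACKER]).hex())
    for kind in ("unprotected", "edge-bpduguard", "designated-rootguard"):
        print(kind, "->", port_guard_action(rogue_bpdu(), LEGIT_ROOT, kind))
```

Because the attacker's bridge ID begins with 0x0000 and every legitimate switch's begins with 0x8000, the election is decided before the MAC address is even compared; this is why the mitigations work on the port the attacker is plugged into rather than by lowering the real root's priority (an attacker can always go one lower).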