
Tuesday, November 9, 2010

LAYER 2 ATTACKS using YERSINIA

This video is for information only. DO NOT use this in a production network. If you are new in this field, like me, you can cause a big mess even if you have permission.

What is DTP?
DTP (Dynamic Trunking Protocol) automates 802.1Q and ISL (Inter-Switch Link) trunk configuration. DTP gives switches the ability to negotiate the trunking method with other DTP-capable devices. The DTP state of a switch port can be set to:
  1- Auto        : does not initiate, but accepts and responds to trunking negotiation
  2- On          : manually configured to be a trunk
  3- Off         : manually configured to be an access port
  4- Desirable   : initiates the trunking
  5- Nonegotiate : no DTP packets are sent.

By default, the administrative mode of the ports is not access (off) mode. If a port is in dynamic auto or dynamic desirable mode and it receives a DTP packet that says "I am a trunk" or "I want to be a trunk", the port becomes a trunk port.

  Local port mode \ Neighbor port mode | Access   | Dynamic Desirable | Dynamic Auto | Trunk
  Access                               | No Trunk | No Trunk          | No Trunk     | No Trunk
  Dynamic Auto                         | No Trunk | Trunk             | No Trunk     | Trunk
  Dynamic Desirable                    | No Trunk | Trunk             | Trunk        | Trunk
  Trunk                                | No Trunk | Trunk             | Trunk        | Trunk

By default, trunk ports carry all VLANs. If an attacker's machine can spoof a switch and negotiate a trunk, the attacker becomes a member of all VLANs.
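The negotiation table above as code, together with a small audit that a defender can run over saved switch configuration. This is an added example, not code from the original post or from Yersinia; the interface names and configuration lines are constructed, and the platform default mode for ports with no explicit "switchport mode" line is assumed to be dynamic auto.

```python
# Added example (not from the original post or from Yersinia): the DTP
# negotiation matrix as a function, plus an audit of constructed IOS-style
# running configuration that flags ports which would become a trunk if a
# neighbour (including a host spoofing DTP) announced "I want to be a trunk".
import re

MODES = ("access", "dynamic auto", "dynamic desirable", "trunk")

def negotiates_trunk(local: str, neighbor: str) -> bool:
    """True if two directly connected ports end up trunking (post's table)."""
    if local not in MODES or neighbor not in MODES:
        raise ValueError(f"unknown DTP mode: {local!r}/{neighbor!r}")
    if "access" in (local, neighbor):
        return False            # access never trunks, whatever the peer says
    if "dynamic auto" in (local, neighbor):
        # auto only answers; it trunks when the peer initiates (desirable)
        # or is already a trunk, never when the peer is also auto
        other = neighbor if local == "dynamic auto" else local
        return other != "dynamic auto"
    return True                 # desirable/trunk against desirable/trunk

# Constructed configuration excerpt (not from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description uplink-to-core
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 description user-desk-12
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
interface GigabitEthernet1/0/3
 description printer
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 switchport mode dynamic desirable
!
"""

def parse_interfaces(config: str) -> dict:
    """Map interface name -> set of its indented configuration lines."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            result[current] = set()
        elif current and line.startswith(" "):
            result[current].add(line.strip())
    return result

def effective_mode(lines: set, default: str = "dynamic auto") -> str:
    """Administrative mode of a port. Ports without an explicit
    'switchport mode' line keep the platform default (assumed dynamic auto)."""
    for line in lines:
        if line.startswith("switchport mode "):
            return line[len("switchport mode "):]
    return default

def dtp_exposed_ports(config: str) -> list:
    """Ports that are not deliberately configured as trunks but would still
    trunk with a peer advertising 'dynamic desirable'. The fix is
    'switchport mode access' plus 'switchport nonegotiate' on user ports."""
    exposed = []
    for name, lines in parse_interfaces(config).items():
        mode = effective_mode(lines)
        if mode != "trunk" and negotiates_trunk(mode, "dynamic desirable"):
            exposed.append((name, mode))
    return exposed

if __name__ == "__main__":
    for name, mode in dtp_exposed_ports(SAMPLE_CONFIG):
        print(f"{name}: mode '{mode}' accepts trunk negotiation")
```

Running it on the constructed excerpt reports GigabitEthernet1/0/3 (no mode line, so it inherits the dynamic default) and GigabitEthernet1/0/4 (dynamic desirable); the two ports with an explicit access or trunk mode and "switchport nonegotiate" are not listed.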

What is STP?
STP (Spanning Tree Protocol) is used to prevent loops in switched networks. To provide a loop-free switched network, switches elect a root bridge and assign roles to their ports, such as root, designated, or blocked. The root bridge is the switch with the smallest Bridge ID (the Bridge ID consists of two numbers: 1- the MAC address of the switch, and 2- a configurable priority between 0 and 65535). After the root bridge is determined, each switch determines the least-cost path to reach the root bridge.

If the attacker spoofs his/her system as the root bridge of the topology, the attacker can see a variety of frames or can bring the network down. To spoof, the attacker broadcasts configuration BPDUs and TCN BPDUs to force spanning tree recalculations. (BPDU: Bridge Protocol Data Unit)
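The election and path computation described above, worked through on a small constructed topology, as an added example that is not part of the original post or of Yersinia. It shows why a device advertising priority 0 wins the election and why frames between the two access switches then flow through it, and how root guard on the ports facing that device keeps it out of the election. Switch names, MAC addresses and link costs are constructed; the cost values 4 and 19 are the classic 802.1D costs for 1 Gbit/s and 100 Mbit/s links.

```python
# Added example, not from the original post or from Yersinia: STP root bridge
# election by Bridge ID, least-cost path to the root, and the effect of a rogue
# device advertising a superior Bridge ID. Names, MACs and costs are constructed.
import heapq
from dataclasses import dataclass

@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int   # 0-65535 as stated in the post; lower is better
    mac: str        # six hex octets, constructed values

    def bridge_id(self) -> tuple:
        """Bridge ID compares priority first, then MAC address (lowest wins)."""
        if not 0 <= self.priority <= 65535:
            raise ValueError(f"{self.name}: priority out of range")
        return (self.priority, int(self.mac.replace(":", ""), 16))

def elect_root(bridges) -> Bridge:
    """The bridge with the numerically smallest Bridge ID becomes root."""
    return min(bridges, key=Bridge.bridge_id)

def root_path_costs(links, root):
    """Least-cost path from every bridge to the root (Dijkstra over undirected
    links). Returns (cost, upstream); upstream[b] is the neighbour that b's
    root port faces. Real STP breaks equal-cost ties by Bridge ID; the costs
    below are chosen so that no ties occur."""
    adj = {}
    for (a, b), c in links.items():
        adj.setdefault(a, []).append((b, c))
        adj.setdefault(b, []).append((a, c))
    cost, upstream, heap = {root: 0}, {}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > cost[u]:
            continue
        for v, c in adj.get(u, []):
            if d + c < cost.get(v, float("inf")):
                cost[v], upstream[v] = d + c, u
                heapq.heappush(heap, (d + c, v))
    return cost, upstream

# Constructed topology: a core switch and two access switches in a triangle of
# 1 Gbit/s links (cost 4). The rogue host hangs off both access switches over
# 100 Mbit/s links (cost 19) and sends configuration BPDUs with priority 0.
SWITCHES = [
    Bridge("core1",   4096,  "00:1a:2b:00:00:01"),
    Bridge("access1", 32768, "00:1a:2b:00:00:10"),
    Bridge("access2", 32768, "00:1a:2b:00:00:05"),
]
ROGUE = Bridge("rogue-host", 0, "de:ad:be:ef:00:01")
LINKS = {
    ("core1", "access1"): 4,
    ("core1", "access2"): 4,
    ("access1", "access2"): 4,
    ("rogue-host", "access1"): 19,
    ("rogue-host", "access2"): 19,
}

def spanning_tree(switches, links, rogue=None, root_guard=False):
    """Run the election and the path computation. With root_guard=True the
    access ports facing the rogue discard its superior BPDUs (modelling
    'spanning-tree guard root' or BPDU guard on edge ports), so the rogue
    never takes part in the election."""
    candidates = list(switches)
    active = dict(links)
    if rogue is not None and not root_guard:
        candidates.append(rogue)
    elif rogue is not None:
        active = {ends: c for ends, c in links.items() if rogue.name not in ends}
    root = elect_root(candidates).name
    cost, upstream = root_path_costs(active, root)
    return root, cost, upstream

if __name__ == "__main__":
    for guard in (False, True):
        root, cost, upstream = spanning_tree(SWITCHES, LINKS, rogue=ROGUE, root_guard=guard)
        print(f"root guard {'on ' if guard else 'off'}: root={root}, "
              f"access1 reaches the root via {upstream.get('access1', '-')} "
              f"at cost {cost['access1']}")
```

Without root guard the rogue becomes root, both access switches point their root ports at it, and even the core switch ends up at cost 23 behind the rogue's 100 Mbit/s links; with root guard the rogue's links are ignored and core1 stays root with access1 one hop (cost 4) away.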

What is CDP?
"The Cisco Discovery Protocol (CDP) is a proprietary Layer 2 network protocol which is implemented in most Cisco networking equipment. It is used to share information about other directly connected Cisco equipment, such as the operating system, device ID, version or IP address." (http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol)


YERSINIA

Yersinia is a network tool designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems. You can find more detailed information here and the man page here.


1 comment:

  1. Very powerful tool, but I hope that the coming version works also on Windows.
