: In an STP attack, a malicious actor sends Bridge Protocol Data Units (BPDUs) with a higher priority (lower numerical value) to force the network to elect their device as the "Root Bridge". This causes all network traffic to flow through the attacker's device for interception.
: Attackers send falsified ARP messages to a local network to link their MAC address with the IP address of a legitimate server or gateway. This allows them to intercept, modify, or stop data in transit, often facilitating Man-in-the-Middle (MitM) attacks.
What Is ARP (Address Resolution Protocol)? How Does It Work? ARP a STP Гєtoky.pptx
: Automatically disables a port if it receives an STP BPDU, preventing unauthorized devices from influencing the STP topology.
: Validates ARP packets on the network to prevent spoofing. : In an STP attack, a malicious actor
: Prevents a port from becoming a root port, ensuring the Root Bridge remains on a trusted core switch.
: While often associated with switches, this attack fills a switch's CAM table with fake MAC addresses, forcing it to act like a hub and broadcast all traffic to every port, where an attacker can sniff it. Common Mitigations This allows them to intercept, modify, or stop
: Both protocols can be exploited to cause Denial of Service (DoS) . For example, flooding a network with ARP requests can overwhelm device tables, while STP loops (caused by disabled or misconfigured STP) can create broadcast storms that crash the network.