CDP Flood Attack on Cisco Switches
I thought of doing some actual attacks using real network devices. If you are a network engineer or a security engineer, this will help you a lot in the industry when working with devices and maintaining security. In this attack I'm going to exploit Cisco switches using Kali Linux. We will mainly be looking at Cisco Discovery Protocol (CDP), a Data Link Layer protocol used to share information with other devices directly connected to the switch.
This is a kind of DoS (Denial of Service) attack. With a CDP flood the whole switch is overloaded, and the MAC table also overflows, which can cause the switch to forward frames out of all ports, much like a hub. When it does, you can fire up something like Wireshark and sniff all the data on the network, because all frames are forwarded out of every port, whereas a normal switch forwards a frame only to the port of its destination MAC.
Let's try this. (Note: this is only for educational purposes; don't try it on real networks that you don't own.)
Fire up Kali Linux or any Linux OS and install Yersinia. (Note: Yersinia is a framework used to perform layer 2 attacks and test weaknesses in the network.)
Type: apt-get install yersinia
- Open Yersinia, and if the switches are connected you will see the Cisco switch as below.
If any issues arise, run apt-get update.
Let's flood the CDP neighbor table on the switch.
- First, in order to perform the attack, select “Launch Attack” and send a CDP packet to the switch as shown below.
Send a CDP Packet
Then the CDP packet is sent to the switch
- Then you can check the Yersinia log and see that the attack has been launched as shown below
You can see that the attack has been launched
- Then, after the connectivity, select “Launch Attack” and select “Flood CDP table” (this will flood the CDP table) as shown below
Select Flood CDP table
You can see the CDP flood as below
On the switch, type sh cdp traffic and you will see lots of CDP inputs, and your switch will start to blink all its lights.
All the inputs are from Yersinia.
If you want to stop the attack, select “Stop All Attacks”.
To stop CDP floods, it is good to disable CDP on switches: not only on the end-node-facing interfaces, but on the whole switch.
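For monitoring, the sh cdp traffic check above can be automated. The following is an added example, not part of the original post: it compares two counter snapshots against the rate that the known neighbors would produce at CDP's default 60-second timer. The sample output is constructed, and the function names and the 10x alert factor are assumptions.

```python
import re

# Constructed samples in the layout IOS prints for "show cdp traffic",
# taken 30 seconds apart on a switch with two legitimate CDP neighbors.
BEFORE = """CDP counters :
        Total packets output: 1204, Input: 2410
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 0, Invalid packet: 0, Fragmented: 0
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 1204, Input: 2410
"""
AFTER = """CDP counters :
        Total packets output: 1205, Input: 98231
        Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
        No memory: 4117, Invalid packet: 0, Fragmented: 0
        CDP version 1 advertisements output: 0, Input: 0
        CDP version 2 advertisements output: 1205, Input: 98231
"""

def parse_cdp_traffic(text):
    """Extract the counters a flood moves: total input and 'No memory' drops."""
    total = re.search(r"Total packets output:\s*(\d+),\s*Input:\s*(\d+)", text)
    nomem = re.search(r"No memory:\s*(\d+)", text)
    if not total or not nomem:
        raise ValueError("not 'show cdp traffic' output")
    return {"output": int(total.group(1)), "input": int(total.group(2)),
            "no_memory": int(nomem.group(1))}

def assess(before, after, interval_s, neighbors, cdp_timer_s=60, factor=10):
    """Compare two snapshots; factor is an assumed alerting threshold."""
    a, b = parse_cdp_traffic(before), parse_cdp_traffic(after)
    delta_in = b["input"] - a["input"]
    if delta_in < 0:  # counters were cleared or the switch reloaded
        return {"status": "reset", "rate": None, "findings": ["counter reset"]}
    rate = delta_in / interval_s
    expected = neighbors / cdp_timer_s  # each neighbor sends one packet per timer
    findings = []
    if rate > factor * max(expected, 1 / cdp_timer_s):
        findings.append(f"CDP input {rate:.1f}/s vs ~{expected:.2f}/s expected")
    if b["no_memory"] > a["no_memory"]:  # packets dropped for lack of memory
        findings.append(f"'No memory' drops rose by {b['no_memory'] - a['no_memory']}")
    return {"status": "flood" if findings else "ok", "rate": rate, "findings": findings}

if __name__ == "__main__":
    print(assess(BEFORE, AFTER, interval_s=30, neighbors=2))
```

Feed it two captures of the command output taken a known number of seconds apart, with the neighbor count the switch is expected to have.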