CDP Flood Attack on Cisco Switches

I thought of doing some actual attacks using real network devices. If your are a Network Engineer or a Security Engineer , this will helps you a lot in the industry when working with devices and maintaining security. In this attack I’m going to exploit Cisco Switches using Kali Linux. We will be mainly looking at Cisco Discovery Protocol (CDP) which is a Data Link Layer Protocol used to share info without other devices directly connected to the switch.

This is kind of a DoS (Denial of Service) attack. Simply with a CDP Flood the whole switch is overloaded, the MAC table also overflows and this can cause the switch to forward frames out of all ports which is likely as a hub. And when it does you can fire up a something like wireshark and sniff all the data on the network because all frames are forwarded out of the ports where a normal switch only forwards to its correct destination MAC.

Lets try this (Note: This only for educational purposes and don’t try this on real networks which you don’t own)

Fire up Kali Linux or any Linux OS and Install Yersinia ( Note: Yersinia is a framework which is used to preform layer 2 attacks and test weaknesses in the network)

Type : apt-get install Yersinia

- Open Yersinia and if the switches are connected you will see the Cisco Switch as Below

If any issues are arise please do apt-get update

Lets Flood CDP neighbor table in the Switch

- First in-order to perform the attack select “Launch Attack” and send a CDP packet to the switch as shown below.

Send a CDP Packet

Then CDP packet is sent to the switch

- Then you can check the Yersinia log and see that the attack has been launched as shown below

Attack log

You can see that the attack has been launched

- Then After the connectivity select Launch attack and Select Flood CDP table (This will Flood the CDP table ) as shown below

Select Flood CDP table

You can see the CDP flood as below

CDP Flood

In Switch type Sh CDP Traffic and you will see lots of CDP inputs and your switch will starts to blink all the lights

All the inputs are form yersinia

If you want to stop the attack “Select Stop All Attacks”

To Stop CDP Floods its good to Disable CDP on switches, not only the end node facing interfaces..the whole switch.




Security Researcher | Web App & Network Penetration Tester

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Age of Ottoman Hack Free Resources Generator

How to become a first world digital citizen

Hacken Weekly Review: 21–25 March 2022

Pessimism and Security

Hacken Club Ecosystem Community Update — July 2020

RSA 2019 Predictions

{UPDATE} 全民飞行棋-大富翁飞行棋游戏 Hack Free Resources Generator

Recon Any Website With Single Click

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Supun Halangoda (Suppa)

Supun Halangoda (Suppa)

Security Researcher | Web App & Network Penetration Tester

More from Medium

Hack the Box — Bare Metal

PicoCTF 2022 — Binary Exploitation: ropfu

Is The Cost Of Predictive Cyber Security Worth The Investment?

Deep web OSINT