CDP spoofing: denial-of-service attack on network devices. From Wikipedia, the free encyclopedia.
In computer networking, CDP spoofing is a technique employed to compromise the operation of network devices that use Cisco Discovery Protocol (CDP) for discovering neighboring devices. CDP spoofing is a network security threat that can be mitigated by taking precautionary measures.[1]
CDP was created by Cisco in 1994.[2] Its original intent was to make it easier to find other devices on a network.[1] CDP may be used between Cisco routers, switches and other network equipment to advertise their software version, capabilities and IP address.[3]
The two versions of CDP are CDPv1 and CDPv2:
CDP is enabled by default on all Cisco routers, switches and servers. The protocol can be disabled across a network; however, if it is disabled on an interface and the encapsulation is changed, it will be re-enabled on that interface.[5][6] The protocol is most often used to help network administrators find and discover devices more easily. Easier device discovery can help with certain network problems, device arrangement, network management and other networking tasks.[1]
Although these can be beneficial features, attackers can collect this information about the devices, which leaves each device's type, IP address and IOS version exposed and vulnerable. Attackers can use this information to mimic other devices, steal information and cause various other network problems.[1]
Popeskic recommends disabling CDP on the entire device, rather than just on individual interfaces, to fully mitigate the threat of CDP spoofing or other attacks through CDP. Some suggest disabling CDP if it is not in use on the device or is not a necessity for the device.[7]
Although CDP is enabled by default, if it has been disabled it can be re-enabled globally (that is, on all interfaces) with the command:[1][4]
(config)# cdp run
To disable it globally:
(config)# no cdp run
To enable it on certain interface(s):
(config-if)# cdp enable
To disable it on certain interface(s):
(config-if)# no cdp enable
To display, in a table, whether the device has established a CDP connection with another device or devices:
(device name)# show cdp neighbors
Note: This command will show the names of other devices, which ports are connecting the devices, model name/number, and features of the device.[1]
To show the traffic that is passed between the CDP devices:
(device name)# show cdp traffic
These commands can help mitigate or detect CDP attacks such as CDP spoofing. They can also help discover flaws within the system, e.g. mismatched native VLANs, that could be inhibiting the connection to other devices.[4]
When a router running CDP receives a CDP packet, it begins to build a table that lists the neighboring devices. Once the devices are discovered, they intermittently send each other a packet of updated information. This packet contains various information about the interfaces and the device types and names.[1]
Packets sent through CDP are not encrypted, so the messages between devices can easily be read as plain text.[7]
CDP spoofing is the creation of forged packets to impersonate other devices, either real or arbitrary. This attack is a type of Denial-of-Service (DoS) attack that is used to flood connected devices using CDP.[8]
An attacker can exploit this functionality by sending thousands of spoofed CDP packets to the multicast MAC address 01:00:0C:CC:CC:CC to fill the neighbor tables of any devices on the network that run CDP.[9] When this happens, other traffic on the network may be dropped because the device no longer has the resources needed to route it. The device's command line interface may also become unresponsive, making it difficult to disable CDP during an ongoing attack.
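As an added example (not part of the Wikipedia article), the following Python script applies the detection idea above: it parses the table printed by "show cdp neighbors" and flags any local interface that reports more distinct neighbor Device IDs than a legitimate link would carry, which is the symptom of a neighbor-table flood. The sample output, interface names and the threshold of one neighbor per access port are constructed assumptions, not taken from a real device.

```python
"""Flag interfaces whose CDP neighbor count suggests a spoofing flood.

Parses the tabular output of `show cdp neighbors` (the sample below is
constructed, not captured from a real device) and reports local interfaces
that list more distinct neighbor Device IDs than a legitimate link should.
"""
import re
from collections import defaultdict

# Constructed sample: Gig 0/1 has one real neighbor, Gig 0/2 is being
# flooded with forged Device IDs (an access port should see at most one).
SAMPLE_OUTPUT = """\
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
core-sw1         Gig 0/1           152         S I        WS-C3750  Gig 1/0/24
aaaa0001         Gig 0/2           180         R          FAKE      Eth 0
aaaa0002         Gig 0/2           180         R          FAKE      Eth 0
aaaa0003         Gig 0/2           180         R          FAKE      Eth 0
aaaa0004         Gig 0/2           180         R          FAKE      Eth 0
"""

# Matches one neighbor row: Device ID, then a local interface such as
# "Gig 0/2", then the holdtime; header and legend lines do not match.
ROW_RE = re.compile(r"^(\S+)\s+((?:Gig|Fas|Ten|Eth)\s+\S+)\s+\d+", re.I)


def neighbors_per_interface(show_output: str) -> dict[str, set[str]]:
    """Map each local interface to the set of Device IDs seen on it."""
    table: dict[str, set[str]] = defaultdict(set)
    for line in show_output.splitlines():
        m = ROW_RE.match(line)
        if m:
            device_id, local_if = m.group(1), m.group(2)
            table[local_if].add(device_id)
    return dict(table)


def flag_flooded_interfaces(show_output: str, max_neighbors: int = 1) -> list[str]:
    """Return interfaces with more distinct CDP neighbors than expected.

    max_neighbors=1 suits access ports (assumed threshold); raise it where a
    switch plus an IP phone on one port is legitimate.
    """
    table = neighbors_per_interface(show_output)
    return sorted(i for i, ids in table.items() if len(ids) > max_neighbors)


if __name__ == "__main__":
    for iface in flag_flooded_interfaces(SAMPLE_OUTPUT):
        print(f"possible CDP flood on {iface}")
```

Run it periodically against the live command output and pair it with the "show cdp traffic" counters to catch a sudden rise in received CDP packets.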
Some administrators may disable CDP, at the cost of no longer benefiting from it.