Saturday, December 24, 2016

CDP Flooding Attack for Denial of Service of Cisco Switches

This is a very simple attack to launch, and it causes a denial of service (DoS) on a Cisco switch. Flooding the CDP table puts processing overhead on the switch, so it can no longer handle user traffic as usual.

Tools used: Yersinia in Kali Linux

Boot up the Kali Linux box, either from a live USB or on a dedicated PC, connect it to a Cisco switch, and enter the following command in a terminal:
yersinia -G

This starts the Yersinia GUI.

Go to Launch Attack.

Select "flooding CDP table" and hit OK.

As soon as you hit OK, the tool starts generating thousands of CDP packets within seconds. They fill up the CDP table of the switch, and PCs connected to the switch start to work slowly.

You can see the false CDP packets generated by the tool, or, if you have access to the switch, you can enter show cdp neighbors to view what happened to the CDP table.

Before the attack was launched, CDP traffic was like this:

While the attack was in progress, CDP traffic was like the following. You can see 4653 inputs, and an error message indicates that memory allocation failed.

How to protect against this?

Just disable CDP on access ports.
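
One way to check a switch for this exposure, as an added example that is not part of the original post: the Python script below reads a saved running-config and lists the enabled access ports that do not have "no cdp enable" set. The sample config and the function name access_ports_with_cdp are constructed for illustration, and the script assumes access ports are configured explicitly with "switchport mode access".

```python
import re

# Constructed sample of a Cisco IOS running-config (not from the original post).
SAMPLE_CONFIG = """\
hostname SW1
!
interface FastEthernet0/1
 description user PC
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/1
 description uplink to distribution
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode access
 shutdown
!
end
"""

def access_ports_with_cdp(config_text):
    """Return enabled access ports on which CDP is still active."""
    lines = config_text.splitlines()
    # An unindented "no cdp run" disables CDP globally, so no port is exposed.
    if "no cdp run" in (ln.rstrip() for ln in lines):
        return []
    blocks, current = {}, None
    for ln in lines:
        m = re.match(r"interface (\S+)", ln)
        if m:                                   # start of an interface block
            current = blocks.setdefault(m.group(1), set())
        elif ln.startswith(" ") and current is not None:
            current.add(ln.strip())             # sub-command of that interface
        else:
            current = None                      # "!" or a global command ends it
    # CDP is on by default, so an access port needs an explicit "no cdp enable".
    return [name for name, cmds in blocks.items()
            if "switchport mode access" in cmds
            and "no cdp enable" not in cmds
            and "shutdown" not in cmds]

if __name__ == "__main__":
    for port in access_ports_with_cdp(SAMPLE_CONFIG):
        print(f"{port}: access port with CDP enabled, add 'no cdp enable'")
```

Ports left in the default dynamic mode are not flagged by this check, so review those separately.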
