Thursday, February 16, 2012


Privilege Escalation -> Spoofing Attacks -> Network Spoofing -> yersinia

yersinia is a vulnerability testing tool for LAN protocols (cdp, dhcp, dot1q, dot1x, dtp, hsrp, isl, stp, vtp). For example, we can do:
- CDP flooding
- Trunk port creation with DTP (dynamic trunking protocol)
- VLAN creation / removal with VTP
- Creating fake Spanning Tree root device

It has 2 main modes: command line and GUI based, for using the first one, we need to dig a lot in its manual in order to do something, and the graphical interface is said to be only in beta. In reality both modes has a few bugs. Unfortunately I can't do examples, cause I don't have a switch to test with.

Starting GUI mode:

yersinia -G

We can start an attack at the "launch attack" menu, and stop in the "list attacks" menu.

Protection for the various protocols:

cdp - enable only where needed
dhcp - dhcp snooping
dot1q - configure static access ports towards the hosts
dot1x - use certificate authentication
dtp - turn it off, and use static trunk / access ports
hsrp - use authentication
isl - see dot1q
stp - use spanning tree protection features like BPDU guard, root guard, etc...
vtp - use authentication, or don't use vtp at all

No comments: