ā10-14-2011 01:30 AM - edited ā03-07-2019 02:48 AM
Hello,
Im reading a LAN SWITCH Security book and i have a question regarding this sentence from the book:
"a root port should typically be sending many more BPDUs than it is receiving. The opposite is taking place here, indicating suspicious activity."
But the root port in stable topology doesn't forward (send) and BPDU's at all. It just receives on it's port and forwards to desiganted ports on that switch.
Here is example from my network topology:
gigabitEthernet 0/12 is root port in vlan 80:
show spanning-tree vlan 80 interface gigabitEthernet 0/12 detail
Port 12 (GigabitEthernet0/12) of VLAN0080 is forwarding
Port path cost 4, Port priority 128, Port Identifier 128.12.
Designated root has priority 32848, address 0055.9331.d880
Designated bridge has priority 32848, address 0055.9331.d880
Designated port id is 128.26, designated path cost 0
Timers: message age 1, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 54, received 29995327
is this a mistake in a book?
Solved! Go to Solution.
ā10-14-2011 02:34 AM
This is mistake indeed. They should have written non-root port.
What they described in that article is that they sent malicious BPDU to generic non-root port 8/1 and made it root. So that became root port and started to receive more BPDUs when it sent. Whish is normal for root port.
Same for your network - root port - receiving more than sending.
Nik,
ā10-14-2011 02:34 AM
This is mistake indeed. They should have written non-root port.
What they described in that article is that they sent malicious BPDU to generic non-root port 8/1 and made it root. So that became root port and started to receive more BPDUs when it sent. Whish is normal for root port.
Same for your network - root port - receiving more than sending.
Nik,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide