Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
575
Views
1
Helpful
2
Replies

Source address from a CDP Spoofing packet

mcollins1983
Level 1
Level 1

‎01-04-2017 08:23 PM - edited ‎03-08-2019 08:48 AM

Hello,

I was was wondering if anyone knows if the same or different source address is used in a CDP Spoofing attack?

Reason I ask is, I'm wondering if using port security would help to guard against such an attack.

Thanks.

Labels:
0 Helpful
2 Replies 2

acampbell
VIP Alumni
VIP Alumni

‎01-05-2017 06:53 AM

Hi,

CDP uses a layer2 MAC multicast address  01:00:0C:CC:CC:CC as the destination

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cdp/configuration/15-mt/cdp-15-mt-book/nm-cdp-discover.html

Also see https://wiki.wireshark.org/CDP for frame inspection

If you are worried about CDP coming into ports you dont want it on then it would be OK to disable it on a per port basis required

!

int g1/0/1

no cdp ena

!

Regards

Alex

Regards, Alex. Please rate useful posts.

Tausif Gaddi
Level 1
Level 1
In response to acampbell

‎01-10-2017 07:17 PM

Cisco Discovery Protocol Configuration Guide, Cisco IOS Release 15M&T  http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/cdp/configuration/15-mt/cdp-15-mt-book/nm-cdp-discover.html is a good reference.

0 Helpful
Customers Also Viewed These Support Documents