nerdexam
EC-Council

312-50V10 · Question #933

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than

The correct answer is D. STP attack. NOTE - the provided correct answer (C) appears to be an error in the answer key; the scenario describes an STP attack (D). Connecting a rogue switch configured with a lower bridge priority value to seize the root bridge role is a classic STP manipulation attack.

Sniffing

Question

Robin, a professional hacker, targeted an organization's network to sniff all the traffic. During this process. Robin plugged in a rogue switch to an unused port in the LAN with a priority lower than any other switch inthe network so that he could make it a root bridge that will later allow him to sniff all the traffic in thenetwork. What is the attack performed by Robin in the above scenario?

Options

  • AARP spoofing attack
  • BVLAN hopping attack
  • CDNS poisoning attack
  • DSTP attack

How the community answered

(37 responses)
  • A
    3% (1)
  • B
    11% (4)
  • C
    3% (1)
  • D
    84% (31)

Why each option

NOTE - the provided correct answer (C) appears to be an error in the answer key; the scenario describes an STP attack (D). Connecting a rogue switch configured with a lower bridge priority value to seize the root bridge role is a classic STP manipulation attack.

AARP spoofing attack

ARP spoofing sends forged ARP replies to poison neighbor ARP caches and redirect Layer 2 traffic at the endpoint level; it does not involve manipulating STP bridge priority elections.

BVLAN hopping attack

VLAN hopping exploits 802.1Q trunking misconfigurations or switch spoofing to send frames across VLAN boundaries, and does not involve root bridge manipulation via STP priority.

CDNS poisoning attack

DNS poisoning corrupts resolver caches to redirect domain lookups to attacker-controlled IPs; it is a Layer 7 technique entirely unrelated to switch priority values or STP behavior.

DSTP attackCorrect

In Spanning Tree Protocol, the switch with the lowest numeric bridge priority value wins the root bridge election, and all network traffic flows through it. By connecting a rogue switch configured with a bridge priority lower than any legitimate switch, Robin forces STP to elect his device as root bridge, causing all traffic in the network to traverse his switch and enabling him to passively sniff it.

Concept tested: STP root bridge hijacking via rogue switch priority

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/spantree.html

Topics

#STP attack#spanning tree protocol#rogue switch#root bridge manipulation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice