nerdexam
EC-Council

312-50V13 · Question #35

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

The correct answer is A. He will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.. The question asks what an attacker would typically do immediately after successfully performing an STP manipulation attack.

Submitted by stefanr· Mar 6, 2026Sniffing

Question

An attacker with access to the inside network of a small company launches a successful STP manipulation attack. What will he do next?

Options

  • AHe will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.
  • BHe will activate OSPF on the spoofed root bridge.
  • CHe will repeat this action so that it escalates to a DoS attack.
  • DHe will repeat the same attack against all L2 switches of the network.

How the community answered

(45 responses)
  • A
    71% (32)
  • B
    9% (4)
  • C
    4% (2)
  • D
    16% (7)

Why each option

The question asks what an attacker would typically do immediately after successfully performing an STP manipulation attack.

AHe will create a SPAN entry on the spoofed root bridge and redirect traffic to his computer.Correct

After spoofing the root bridge using an STP manipulation attack, the attacker can force all network traffic to flow through their compromised machine. The next logical step is to configure a SPAN (Switched Port Analyzer) entry on the now-controlled root bridge, effectively port mirroring, to redirect a copy of this traffic to their computer for sniffing and analysis.

BHe will activate OSPF on the spoofed root bridge.

OSPF is a Layer 3 routing protocol, and activating it is not a direct or necessary follow-up to a Layer 2 STP manipulation attack aimed at traffic interception.

CHe will repeat this action so that it escalates to a DoS attack.

While a DoS can be a consequence, the primary objective of an STP manipulation is often man-in-the-middle for traffic interception, and simply repeating the action for DoS is not the next step for data exfiltration.

DHe will repeat the same attack against all L2 switches of the network.

Spoofing the root bridge is sufficient to control traffic flow; repeating the attack against all other L2 switches is redundant and unnecessary for the goal of traffic redirection.

Concept tested: STP attack consequences and traffic redirection

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12_2_25_see/configuration/guide/scg/swspan.html

Topics

#STP attack#network reconnaissance#traffic redirection#MITM

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice