Which of the following is true about CDP?
- It can be used to discover the network topology
- It is used to generate a denial of service attack
- It can be used as part of a MAC address flooding attack
- It is used to generate a MAC spoofing attack
Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol used by Cisco devices to obtain information about directly connected devices that are also made by Cisco. Since this information includes name, device type and capabilities, IP address, and other identifying information, anyone who captures these packets can use them to map the network topology. Since the first step in the hacking process (Discovery, Penetration, and Control) is discovery, this can be a security threat.
CDP is not used to generate a DoS (denial-of-service) attack, which is an attack designed to overwhelm a device with work requests that make it unavailable for its normal jobs.
CDP is not used as part of a MAC address flooding attack. That attack is performed by a hacker creating packets with unique MAC addresses and flooding the switch’s CAM table with these packets. When the CAM buffer is full, the switch will start sending packets out all interfaces, enabling the hacker to capture packets from all switch ports, which is normally not possible on a switch, where each port is its own collision domain. CDP plays no role in this process.
CDP is not used to generate a MAC spoofing attack. This type of attack involves the creation of a packet using the MAC address of a known host in the network for the purpose of redirecting traffic to the hacker’s machine instead. CDP plays no role in this process.
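To see exactly what a CDP advertisement discloses on a port, the following added example (not part of the original question) decodes the fields named in the first paragraph of the explanation: device name, addresses, capabilities and platform. It assumes the payload starts at the CDP version byte (after the LLC/SNAP header) and does not verify the checksum; the function names and the sample payload are constructed for illustration.

```python
import struct

TLV_NAMES = {1: "device_id", 3: "port_id", 5: "software_version", 6: "platform"}
CAPABILITIES = {0x01: "Router", 0x02: "Transparent Bridge", 0x04: "Source Route Bridge",
                0x08: "Switch", 0x10: "Host", 0x20: "IGMP", 0x40: "Repeater"}

def parse_addresses(value):
    """Return the IPv4 addresses carried in an Addresses TLV (type 0x0002)."""
    (count,) = struct.unpack_from("!I", value, 0)
    offset, found = 4, []
    for _ in range(count):
        proto_len = value[offset + 1]            # value[offset] is the protocol type
        protocol = value[offset + 2:offset + 2 + proto_len]
        offset += 2 + proto_len
        (addr_len,) = struct.unpack_from("!H", value, offset)
        addr = value[offset + 2:offset + 2 + addr_len]
        offset += 2 + addr_len
        if protocol == b"\xcc" and len(addr) == 4:   # NLPID 0xCC means IPv4
            found.append(".".join(map(str, addr)))
    return found

def parse_cdp(payload):
    """Parse a CDP payload (from the version byte on); ValueError if malformed."""
    try:
        version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)
        info, offset = {"version": version, "ttl": ttl}, 4
        while offset < len(payload):
            tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
            # The length field covers the 4-byte TLV header, so it can never be < 4.
            if tlv_len < 4 or offset + tlv_len > len(payload):
                raise ValueError(f"bad TLV length at offset {offset}")
            value = payload[offset + 4:offset + tlv_len]
            if tlv_type in TLV_NAMES:
                info[TLV_NAMES[tlv_type]] = value.decode("ascii", "replace")
            elif tlv_type == 0x0002:
                info["addresses"] = parse_addresses(value)
            elif tlv_type == 0x0004:
                (bits,) = struct.unpack_from("!I", value, 0)
                info["capabilities"] = [n for b, n in CAPABILITIES.items() if bits & b]
            offset += tlv_len
        return info
    except (struct.error, IndexError) as exc:
        raise ValueError(f"truncated CDP payload: {exc}") from exc

def make_tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

# Constructed sample payload: CDP v2, TTL 180, checksum zeroed (not verified here).
SAMPLE = (struct.pack("!BBH", 2, 180, 0) + make_tlv(1, b"lab-sw1.example.test")
          + make_tlv(2, struct.pack("!IBBBH", 1, 1, 1, 0xCC, 4) + bytes([192, 0, 2, 10]))
          + make_tlv(4, struct.pack("!I", 0x28)) + make_tlv(6, b"cisco WS-C2960"))
```

Running `parse_cdp` over frames captured on an access port shows which of these fields the port is advertising to whatever is plugged into it.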
Layer 2 Technologies
Configure and verify Layer 2 protocols