Which type of network attack takes advantage of the Dynamic Trunking Protocol (DTP)?
- VLAN hopping
- MAC flooding
- DHCP spoofing
- Rogue access points
VLAN hopping is an attack deigned to gain unauthorized access to a VLAN by using DTP to negotiate a trunk link with another switch. If a switch port configured as DTP auto was toreceive a fake DTP packet, it might become a trunk port and begin accepting traffic destined for any VLAN. Therefore, a malicious user could start communicating with other VLANs through that compromised port.
A MAC flooding attack does not use DTP as a part of its operation. This attack floods the switch with fake MAC addresses until the MAC table is full. When this happens, the switch starts sending all frames out all ports, allowing the hacker to capture data from all ports.
DHCP snooping does not use DTP as a part of its operation. It is not an attack but a security measure. DHCP snooping filters un-trusted DHCP messages using a DHCP snooping binding database. A DHCP snooping binding database is also referred to as a DHCP snooping binding table. This can be used to prevent a rouge DHCP server from assigning configuration information to clients.
Rogue access points do not use DTP as a part of their operation. These are unauthorized access points connected to an open switch port or wall outlet for the purpose of gaining access to the wired network wirelessly.
Configure and verify switch security features