First page Back Continue Last page Image

Layer 2 (Switch) Attack Categories

When the system was designed we inherently trusted all persons and devices connected to our LAN

Today, with BYOD and more sophisticated attacks, our LANs have become more vulnerable

Category	Examples
MAC Table Attacks	Includes MAC address flooding attacks.
VLAN Attacks	Includes VLAN hopping and VLAN double-tagging attacks. It also includes attacks between devices on a common VLAN.
DHCP Attacks	Includes DHCP starvation and DHCP spoofing attacks.
ARP Attacks	Includes ARP spoofing and ARP poisoning attacks.
Address Spoofing Attacks	Includes MAC address and IP address spoofing attacks.
STP Attacks	Includes Spanning Tree Protocol manipulation attacks.

Security is only as strong as the weakest link in the system, and Layer 2 is considered to be that weak link because LANs were traditionally under the administrative control of a single organization