How does the root in spanning tree protocol works?

Question

I am studying spanning tree protocol attacks and I would like to understand a thing. The root is on the "top" of the tree, how can we exploit this to put in place an attack? We can, in some way, become the root, but what privileges would we get doing this? I don't get if the root can read all the packtes, bacause I thought that if two host are connected in a "sub-part" of the tree, the root doesn't see any message, or am I wrong?

So it would be useful just because I have more chances to read more messages but I will never see ALL the messages, right?

Another thing, how can I put in place an arp spoofing attack being the root?

Thanks

Everything you said so far seems to be correct. – user253751 Jul 02 '21 at 10:25 — user253751, Jul 02 '21 at 10:25

score 0 · Answer 1 · answered Jul 03 '21 at 09:50

The exploit here would effectively be a Denial of Service attack.

When a new Root bridge is elected in the STP topology, the entire Layer 2 network needs to re-converge, during this time every switch has to move through the STP states (Listening, Learning) to discover the new STP topology, during the initial states MAC addresses are not stored in MAC tables and no frames are forwarded meaning that during this time (30 seconds for 802.1D) no traffic is being moved through the network.

The affect of this can be prolonged by constantly forcing the network to re-converge between the “real” Root bridge and the attackers fake Root bridge.

How does the root in spanning tree protocol works?

1 Answers1