I'm studying the attacks against the Spanning Tree Protocol. The idea of the attack I'm studying is to become the MITM. In my research I found two programs in Backtrack 4 capable of doing this attack:
Ettercap using the stp_mangler plugin
# ettercap -TqP stp_mangler
I use two Cisco switches, both using the default factory settings. Two hosts running Windows XP are each connected to a switch. I generate some traffic to sniff between the hosts. I run Backtrack 4 on a third computer with two network adapters. Each network adapter is connected to a switch.
Man page for Yersinia: yersinia(8): FrameWork for layer 2 attacks - Linux man page
When I start the attack with Yersinia STP attack 6, Yersinia terminates (this attack needs two network adapters).
When I start the attack with Yersinia STP attack 4, I see with Wireshark that STP packets are sent, but I don't get to see the traffic of the hosts.
When I start the attack with the ettercap stp_mangler plugin, I see with Wireshark that STP packets are sent, but I don't get to see the traffic of the hosts.
Searching Google and this forum, I couldn't find any examples or information about this attack.
Does someone have experience with this kind of attack and information about it?
By searching some more I found this thread:
Thorin suggests here some papers about the STP claiming root attack. Thanks, Thorin.
In the Black Hat paper they add a "Hub" to the setup. By doing this, both programs worked like a charm. The hub comes between both switches and the attacker.