SecHard
10.2.2.1.4. LLDP Attack / Inspection Attack
Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP) serve similar purposes. Both provide a way to see what types of devices are connected on a link and some of their configuration (IP address, software version, etc.). Network engineers often use this information to troubleshoot large networks more efficiently. However, the same information is available to anyone who is "listening": an attacker only needs to be on the same link to learn a large amount of information about the connected devices.
LLDP Attack
Link Layer Discovery Protocol (LLDP) is a vendor-neutral protocol at the Data Link layer. Its primary function is to let network devices discover each other and share information about their capabilities, such as device type, port ID, VLAN ID, and more. LLDP is the open-standard alternative to Cisco Discovery Protocol.
Because LLDP packets carry no integrity protection, a controller's link-discovery service cannot verify them, and an attacker can create a fake link between two switches with a link spoofing attack. This is carried out either as an LLDP spoofing attack (forged advertisements) or as an LLDP forwarding attack (genuine advertisements relayed onto another port).
LLDP is configured per port, and the neighbor data it learns is stored separately for each port. The "lldp receive" command lets an interface accept LLDP advertisements; the no form of the command stops LLDP reception on that interface. The "lldp transmit" command lets an interface send LLDP advertisements; its no form stops transmission on that interface.
no lldp receive
no lldp transmit
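The following is an added example, not SecHard code or configuration. It decodes LLDP advertisements (chassis ID, port ID, TTL, system name, management address) to show what a listener on the link learns, and then checks each advertisement against a per-port neighbor baseline: an advertisement on a port where "no lldp receive" should be in effect, or a neighbor that differs from the one recorded for that port, is reported as a finding, which is how a relayed or forged advertisement shows up. The frames, interface names (Gi1/0/1 etc.) and addresses are constructed for the example.

```python
"""Decode LLDP advertisements and audit them against a per-port neighbor baseline.
Added example; not SecHard code. All frames and names below are constructed."""
import struct

LLDP_ETHERTYPE = 0x88CC
LLDP_MCAST = bytes.fromhex("0180c200000e")  # nearest-bridge group address


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def tlv(ttype: int, value: bytes) -> bytes:
    """Encode one TLV: a 7-bit type and 9-bit length share a 16-bit header."""
    assert 0 <= ttype < 128 and len(value) < 512
    return struct.pack("!H", (ttype << 9) | len(value)) + value


def build_lldp(src_mac: bytes, chassis_mac: bytes, port_name: str,
               sys_name: str, mgmt_ipv4: str, ttl: int = 120) -> bytes:
    """Build a minimal LLDP frame as constructed sample data (not a capture)."""
    ip = bytes(int(o) for o in mgmt_ipv4.split("."))
    # management address TLV: addr len (subtype + 4), subtype 1 = IPv4, address,
    # interface numbering subtype 2 (ifIndex), ifIndex, OID length 0
    mgmt = bytes([5, 1]) + ip + bytes([2]) + struct.pack("!I", 0) + bytes([0])
    pdu = (tlv(1, bytes([4]) + chassis_mac)          # chassis ID, subtype 4 = MAC
           + tlv(2, bytes([5]) + port_name.encode())  # port ID, subtype 5 = ifName
           + tlv(3, struct.pack("!H", ttl))           # time to live in seconds
           + tlv(5, sys_name.encode())                # system name
           + tlv(8, mgmt)                             # management address
           + tlv(0, b""))                             # end of LLDPDU
    return LLDP_MCAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + pdu


def parse_tlvs(pdu: bytes) -> list:
    """Walk the TLV list, refusing a TLV whose length runs past the buffer."""
    tlvs, off = [], 0
    while off + 2 <= len(pdu):
        hdr, = struct.unpack_from("!H", pdu, off)
        ttype, tlen = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + tlen > len(pdu):
            raise ValueError("truncated TLV")
        tlvs.append((ttype, pdu[off:off + tlen]))
        off += tlen
        if ttype == 0:
            break
    return tlvs


def decode_lldp(frame: bytes) -> dict:
    """Return the fields a listener on the link learns from one advertisement."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != LLDP_ETHERTYPE:
        raise ValueError("not an LLDP frame")
    info = {"src_mac": mac_str(frame[6:12])}
    for ttype, v in parse_tlvs(frame[14:]):
        if ttype == 1:
            info["chassis_id"] = mac_str(v[1:]) if v[0] == 4 else v[1:].hex()
        elif ttype == 2:
            info["port_id"] = mac_str(v[1:]) if v[0] == 3 else v[1:].decode("utf-8", "replace")
        elif ttype == 3:
            info["ttl"] = struct.unpack("!H", v)[0]
        elif ttype == 5:
            info["sys_name"] = v.decode("utf-8", "replace")
        elif ttype == 8 and v[1] == 1:  # IPv4 management address only
            info["mgmt_ip"] = ".".join(str(x) for x in v[2:2 + v[0] - 1])
    for required in ("chassis_id", "port_id", "ttl"):
        if required not in info:
            raise ValueError(f"missing mandatory TLV: {required}")
    return info


def check_neighbor(local_port: str, info: dict, expected: dict, untrusted: set) -> list:
    """Findings for an advertisement received on local_port.
    expected: {local_port: (chassis_id, port_id)} recorded from a known-good baseline.
    untrusted: ports that should run 'no lldp receive'; any LLDP there is a finding."""
    neighbor = (info["chassis_id"], info["port_id"])
    if local_port in untrusted:
        return [f"{local_port}: LLDP received on untrusted port from {neighbor}"]
    want = expected.get(local_port)
    if want is None:
        return [f"{local_port}: unexpected neighbor {neighbor}"]
    if neighbor != want:
        return [f"{local_port}: neighbor changed from {want} to {neighbor}"]
    return []


# Constructed baseline: the core switch is expected only on uplink Gi1/0/1.
CORE_MAC = bytes.fromhex("00112233aabb")
GENUINE = build_lldp(CORE_MAC, CORE_MAC, "Gi1/0/48", "core-sw1", "10.0.0.1")
EXPECTED = {"Gi1/0/1": ("00:11:22:33:aa:bb", "Gi1/0/48")}
UNTRUSTED = {"Gi1/0/10"}  # user-facing access port; 'no lldp receive' belongs here


def audit(local_port: str, frame: bytes) -> list:
    return check_neighbor(local_port, decode_lldp(frame), EXPECTED, UNTRUSTED)


if __name__ == "__main__":
    print(decode_lldp(GENUINE))
    print(audit("Gi1/0/1", GENUINE))   # genuine uplink neighbor: no findings
    print(audit("Gi1/0/10", GENUINE))  # same advertisement relayed to an access port
    print(audit("Gi1/0/2", GENUINE))   # same advertisement on a port with no baseline
```

The audit keys on where an advertisement arrives rather than on its contents, because the contents of a relayed advertisement are genuine; the baseline is recorded once from a trusted topology and compared on every received advertisement.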