LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the six categories of Layer 2 switch attacks?

The six categories are: MAC (Media Access Control) Table Attacks, VLAN (Virtual Local Area Network) Attacks, DHCP (Dynamic Host Configuration Protocol) Attacks, ARP (Address Resolution Protocol) Attacks, Address Spoofing Attacks, and STP (Spanning Tree Protocol) Attacks.

Category Attack Examples Mitigation
MAC Table Attacks MAC address flooding (using tools like macof) Port Security
VLAN Attacks VLAN hopping (switch spoofing), double-tagging Disable DTP (Dynamic Trunking Protocol), set native VLAN to unused, explicit access mode
DHCP Attacks DHCP starvation (exhaust leases), DHCP spoofing (rogue server) DHCP Snooping
ARP Attacks ARP spoofing, ARP poisoning (fake gratuitous ARPs) Dynamic ARP Inspection (DAI)
Address Spoofing IP (Internet Protocol) address spoofing, MAC address spoofing IP Source Guard (IPSG)
STP Attacks STP manipulation (attacker becomes root bridge via BPDUs (Bridge Protocol Data Units)) BPDU Guard

Why these attacks are so dangerous:

  • They all exploit the inherent trust in Layer 2 protocols
  • Switches trust MAC addresses in frames (no verification)
  • Hosts trust any DHCP server that responds
  • Hosts trust any ARP reply they receive
  • STP trusts any BPDU it receives

The fundamental lesson: Layer 2 protocols were designed for functionality, not security. Every one of these attacks exploits a protocol doing exactly what it was designed to do — just with malicious input.

Go deeper:

From Quiz: NETW2 / LAN Security Concepts | Updated: Jul 14, 2026