Quiz Entry - updated: 2026.07.14
What are the six categories of Layer 2 switch attacks?
The six categories are: MAC (Media Access Control) Table Attacks, VLAN (Virtual Local Area Network) Attacks, DHCP (Dynamic Host Configuration Protocol) Attacks, ARP (Address Resolution Protocol) Attacks, Address Spoofing Attacks, and STP (Spanning Tree Protocol) Attacks.
| Category | Attack Examples | Mitigation |
|---|---|---|
| MAC Table Attacks | MAC address flooding (using tools like macof) |
Port Security |
| VLAN Attacks | VLAN hopping (switch spoofing), double-tagging | Disable DTP (Dynamic Trunking Protocol), set native VLAN to unused, explicit access mode |
| DHCP Attacks | DHCP starvation (exhaust leases), DHCP spoofing (rogue server) | DHCP Snooping |
| ARP Attacks | ARP spoofing, ARP poisoning (fake gratuitous ARPs) | Dynamic ARP Inspection (DAI) |
| Address Spoofing | IP (Internet Protocol) address spoofing, MAC address spoofing | IP Source Guard (IPSG) |
| STP Attacks | STP manipulation (attacker becomes root bridge via BPDUs (Bridge Protocol Data Units)) | BPDU Guard |
Why these attacks are so dangerous:
- They all exploit the inherent trust in Layer 2 protocols
- Switches trust MAC addresses in frames (no verification)
- Hosts trust any DHCP server that responds
- Hosts trust any ARP reply they receive
- STP trusts any BPDU it receives
The fundamental lesson: Layer 2 protocols were designed for functionality, not security. Every one of these attacks exploits a protocol doing exactly what it was designed to do — just with malicious input.
Go deeper:
Network switch (Wikipedia) — how MAC learning and CAM forwarding work, the trusting behaviour every attack exploits.