Stealth analysis of Network Topology using Spanning Tree Protocol
Abstract
Almost every network built over the last 30 years relies on the Spanning Tree Protocol (STP). This protocol makes topology information available to individual switches by exchanging Bridge Protocol Data Units (BPDUs), whose data fields enable the Spanning Tree Algorithm (STA) to determine a hierarchy of switches on the network. A review of the literature shows that only limited investigation into information leakage from this protocol has been carried out since it was first published by the Digital Equipment Corporation (DEC) in 1985.
Scripts were developed in the Python programming language that accept information from STP packets, with the aim of identifying the network topology of a Local Area Network (LAN) as well as information leakage from STP. Mitigation techniques for any information leakage discovered are discussed.
As a result of this project, the viability of a security auditor using the developed scripts within a LAN to obtain situational awareness of an organisation's network security perimeter, and of the assets within this perimeter, is also determined.
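As an added illustration (not one of the scripts developed in this project), the Python example below decodes a constructed IEEE 802.1D configuration BPDU to show which fields a single frame discloses to any port that receives it: the root and sender bridge identifiers (priority, system ID extension, MAC address), the root path cost, the port ID and the timers. The sample bytes and the function names are assumptions made for this example.

```python
import struct

# Constructed sample: a 35-byte 802.1D configuration BPDU, LLC header removed.
SAMPLE_BPDU = bytes.fromhex(
    "0000" "00" "00" "00"        # protocol id, version, type (config), flags
    "8001" "001122334455"        # root id: priority field + MAC
    "00000004"                   # root path cost
    "8001" "00aabbccddee"        # sender bridge id: priority field + MAC
    "8002"                       # port id
    "0100" "1400" "0200" "0f00"  # message age, max age, hello, forward delay
)

# Network byte order, no padding: 35 bytes in total.
_BPDU = struct.Struct("!HBBB8sI8sHHHHH")


def split_bridge_id(raw):
    """Split an 8-byte bridge ID into priority, system ID extension and MAC."""
    field = int.from_bytes(raw[:2], "big")
    return {
        "priority": field & 0xF000,    # upper 4 bits (steps of 4096)
        "sys_id_ext": field & 0x0FFF,  # lower 12 bits (802.1t extension)
        "mac": ":".join(f"{b:02x}" for b in raw[2:]),
    }


def parse_config_bpdu(data):
    """Return the topology-relevant fields of one configuration BPDU."""
    if len(data) < _BPDU.size:
        raise ValueError("truncated BPDU")
    (proto, _version, btype, _flags, root, cost, bridge,
     port, age, max_age, hello, fwd) = _BPDU.unpack_from(data)
    if proto != 0 or btype != 0x00:
        raise ValueError("not an 802.1D configuration BPDU")
    return {
        "root": split_bridge_id(root),
        "bridge": split_bridge_id(bridge),
        "root_path_cost": cost,
        "port_id": port,
        "sender_is_root": root == bridge,
        # Timers are carried in units of 1/256 second.
        "timers_s": {"message_age": age / 256, "max_age": max_age / 256,
                     "hello": hello / 256, "forward_delay": fwd / 256},
    }


if __name__ == "__main__":
    for key, value in parse_config_bpdu(SAMPLE_BPDU).items():
        print(f"{key}: {value}")
```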