Yersinia: Ferramenta de testes de intrusão focada em Switches.

Yersinia é uma interessante ferramenta de testes de intrusão para quem deseja analisar as vulnerabilidades de equipamentos de camada 2 OSI – Enlace, como os switches.

Yersinia em ação.

O Yersinia suporta os seguintes protocolos:

• Spanning Tree Protocol (STP)
• Cisco Discovery Protocol (CDP)
• Dynamic Trunking Protocol (DTP)
• Dynamic Host Configuration Protocol (DHCP)
• Hot Standby Router Protocol (HSRP)
• IEEE 802.1Q
• IEEE 802.1X
• Inter-Switch Link Protocol (ISL)
• VLAN Trunking Protocol (VTP)

E realiza os seguintes tipos de ataques:

Spanning Tree Protocol

1. Sending RAW Configuration BPDU
2. Sending RAW TCN BPDU
3. DoS sending RAW Configuration BPDU
4. DoS sending RAW TCN BPDU
5. Claiming Root Role
6. Claiming Other Role
7. Claiming Root Role dual home (MITM)

Cisco Discovery Protocol

1. Sending RAW CDP packet
2. DoS flooding CDP neighbors table
3. Setting up a virtual device

Dynamic Host Configuration Protocol

1. Sending RAW DHCP packet
2. DoS sending DISCOVER packet (exhausting ip pool)
3. Setting up rogue DHCP server
4. DoS sending RELEASE packet (releasing assigned ip)

Hot Standby Router Protocol

1. Sending RAW HSRP packet
2. Becoming active router
3. Becoming active router (MITM)

Dynamic Trunking Protocol

1. Sending RAW DTP packet
2. Enabling trunking

802.1Q

1. Sending RAW 802.1Q packet
2. Sending double encapsulated 802.1Q packet
3. Sending 802.1Q ARP Poisoning

802.1X

1. Sending RAW 802.1X packet
2. Mitm 802.1X with 2 interfaces

VLAN Trunking Protocol

1. Sending RAW VTP packet
2. Deleting ALL VLANs
3. Deleting selected VLAN
4. Adding one VLAN
5. Catalyst crash

Ele roda nos seguintes sistemas operacionais OpenBSD, Linux, Solaris e Mac OSX.

O link de um paper muito bom quanto a ataques layer2/camada2.

Para fazer o download do carinha.