Материал из

Перейти к: навигация, поиск
Данная страница находится в разработке.
Эта страница ещё не закончена. Информация, представленная здесь, может оказаться неполной или неверной.

Если вы считаете, что её стоило бы доработать как можно быстрее, пожалуйста, скажите об этом.

Эта страница является переводом man-страницы сетевой утилиты Yersinia, которая позволяет эксплуатировать недостатки ряда протоколов, использующихся активным сетевым оборудованием.


[править] Имя

Yersinia - A FrameWork for layer 2 attacks

[править] Синтаксис

yersinia [-hVGIDd] [-l logfile] [-c conffile] protocol [-M] [protocol_options]

[править] Описание

yersinia is a framework for performing layer 2 attacks. The following protocols have been implemented in Yersinia current version: Spanning Tree Protocol (STP), VLAN Trunking Protocol (VTP), Hot Standby Router Protocol (HSRP), Dynamic Trunking Protocol (DTP), IEEE 802.1Q, Cisco Discovery Protocol (CDP), Dynamic Host Configuration Protocol (DHCP) and, finally, the Inter-Switch Link Protocol (ISL).

Some of the attacks implemented will cause a DoS in a network, other will help to perform any other more advanced attack, or both. In addition, some of them will be first released to the public since there isn’t any public implementation.

Yersinia will definitely help both pen-testers and network administrators in their daily tasks.

Some of the mentioned attacks are DoS attacks, so TAKE CARE about what you’re doing because you can convert your network into an UNSTABLE one.

A lot of examples are given at this page EXAMPLES section, showing a real and useful program execution.

[править] Опции

-h, --help

Help screen.

-V, --Version

Program version.


Start a graphical GTK session.

-I, --interactive

Start an interactive ncurses session.

-D, --daemon

Start the network listener for remote admin (Cisco CLI emulation).


Enable debug messages.

-l logfile

Save the current session to the file logfile. If logfile exists, the data will be appended at the end.

-c conffile

Read/write configuration variables from/to conffile.


Disable MAC spoofing.

[править] Протоколы

The following protocols are implemented in yersinia current version:

  • Spanning Tree Protocol (STP and RSTP)
  • Cisco Discovery Protocol (CDP)
  • Hot Standby Router Protocol (HSRP)
  • Dynamic Host Configuration Protocol (DHCP)
  • Dynamic Trunking Protocol (DTP)
  • IEEE 802.1Q
  • VLAN Trunking Protocol (VTP)
  • Inter-Switch Link Protocol (ISL)

[править] Опции протоколов

[править] STP

Spanning Tree Protocol (STP): is a link management protocol that provides path redundancy while preventing undesirable loops in the network.

The supported options are:

-version version

BPDU version (0 STP, 2 RSTP, 3 MSTP)

-type type

BPDU type (Configuration, TCN)

-flags flags

BPDU Flags

-id id


-cost pathcost

BPDU root path cost

-rootid id


-bridgeid id

BPDU Bridge ID

-portid id


-message secs

BPDU Message Age

-max-age secs

BPDU Max Age (default is 20)

-hello secs

BPDU Hello Time (default is 2)

-forward secs

BPDU Forward Delay

-source hw_addr

Source MAC address

-dest hw_addr

Destination MAC address

-interface iface

Set network interface to use

-attack attack

Attack to launch

[править] CDP

Cisco Discovery Protocol (CDP): is a Cisco propietary Protocol which main aim is to let Cisco devices to communicate to each other about their device settings and protocol configurations.

The supported options are:

-source hw_addr

MAC Source Address

-dest hw_addr

MAC Destination Address

-v version

CDP Version

-ttl ttl

Time To Live

-devid id

Device ID

-address address

Device Address

-port id

Device Port

-capability cap

Device Capabilities

-version version

Device IOS Version

-duplex 0|1

Device Duplex Configuration

-platform platform

Device Platform

-ipprefix ip

Device IP Prefix

-phello hello

Device Protocol Hello

-mtu mtu

Device MTU

-vtp_mgm_dom domain

Device VTP Management Domain

-native_vlan vlan

Device Native VLAN

-voip_vlan_r req

Device VoIP VLAN Reply

-voip_vlan_q query

Device VoIP VLAN Query

-t_bitmap bitmap

Device Trust Bitmap

-untrust_cos cos

Device Untrusted CoS

-system_name name

Device System Name

-system_oid oid

Device System ObjectID

-mgm_address address

Device Management Address

-location location

Device Location

-attack attack

Attack to launch

[править] HSRP

Hot Standby Router Protocol (HSRP):

[править] ISL

Inter-Switch Link Protocol (ISL):

[править] VTP

VLAN Trunking Protocol (VTP):

[править] DHCP

Dynamic Host Configuration Protocol (DHCP):

[править] 802.1Q

IEEE 802.1Q:

[править] DTP

Dynamic Trunking Protocol (DTP):

[править] Атаки

[править] STP

Attacks Implemented in STP:

0: NONDOS attack sending conf BPDU

1: NONDOS attack sending tcn BPDU

2: DOS attack sending conf BPDUs

3: DOS attack sending tcn BPDUs

4: NONDOS attack Claiming Root Role

5: NONDOS attack Claiming Other Role

6: DOS attack Claiming Root Role with MiTM

[править] CDP

Attacks Implemented in CDP:

0: NONDOS attack sending CDP packet

1: DOS attack flooding CDP table

2: NONDOS attack Setting up a virtual device

[править] HSRP

Attacks Implemented in HSRP:

0: NONDOS attack sending raw HSRP packet

1: NONDOS attack becoming ACTIVE router

2: NONDOS attack becoming ACTIVE router (MITM)

[править] DHCP

Attacks Implemented in DHCP:

0: NONDOS attack sending RAW packet

1: DOS attack sending DISCOVER packet

2: NONDOS attack creating DHCP rogue server

3: DOS attack sending RELEASE packet

[править] DTP

Attacks Implemented in DTP:

0: NONDOS attack sending DTP packet

1: NONDOS attack enabling trunking

[править] 802.1Q

Attacks Implemented in 802.1Q:

0: NONDOS attack sending 802.1Q packet

1: NONDOS attack sending 802.1Q double enc. packet

2: DOS attack sending 802.1Q arp poisoning

[править] VTP

Attacks Implemented in VTP:

0: NONDOS attack sending VTP packet

1: DOS attack deleting all VTP vlans

2: DOS attack deleting one vlan

3: NONDOS attack adding one vlan

4: DOS attack Catalyst zero day

[править] ISL

Attacks Implemented in ISL:

None at the moment

[править] Интерфейсы управления

GTK GUI The GTK GUI (-G) is a GTK graphical interface with all of the yersinia powerful features and a professional ’look and feel’.

NCURSES GUI The ncurses GUI (-I) is a ncurses (or curses) based console where the user can take advantage of yersinia powerful features.

Press ’h’ to display the Help Screen and enjoy your session :)

NETWORK DAEMON The Network Daemon (-D) is a telnet based server (ala Cisco mode) that listens by default in port 12000/tcp waiting for incoming telnet connections.

It supports a CLI similar to a Cisco device where the user (once authenticated) can display different settings and can launch attacks without having yersinia running in her own machine (specially useful for Windows users).

[править] Примеры

  • Send a Rapid Spanning-Tree BPDU with port role designated, port state agreement, learning and port id 0x3000 to eth1:
yersinia stp -attack 0 -version 2 -flags 5c -portid 3000 -interface eth1
  • Start a Spanning-Tree nonDoS root claiming attack in the first nonloopback interface (keep in mind that this kind of attack will use the first BPDU on the network interface to fill in the BPDU fields properly):
yersinia stp -attack 4
  • Start a Spanning-Tree DoS attack sending TCN BPDUs in the eth0 interface with MAC address 66:66:66:66:66:66:
yersinia stp -attack 3 -source 66:66:66:66:66:66

[править] См. также

The README file contains more in-depth documentation about the attacks.

[править] COPYRIGHT

Yersinia is Copyright (c)

[править] Баги


[править] Авторы

Alfredo Andres Omella <> David Barroso Berrueta <>

Yersinia v0.7 $Date: 2006/02/17 22:48:40 $ YERSINIA(8)

Источник — «»