In computer networking, CDP spoofing is a technique employed to compromise the operation of network devices that use the Cisco Discovery Protocol for discovering neighboring devices.
CDP may be used between Cisco routers, switches and other network equipment to advertise their software version, capabilities and IP address. CDP spoofing is the creation of forged CDP packets that impersonate other devices, either real or arbitrary.
When a router running CDP receives a CDP packet, it begins to build a table that shows the neighboring devices discovered. An attacker can exploit this functionality by sending thousands of spoofed CDP packets to 01:00:0C:CC:CC:CC to fill neighbor tables in any devices on the network running CDP. When this happens, other traffic on the network may be dropped as the device does not have the resources necessary to route it. The device's command line interface may also become unresponsive making it difficult to disable CDP during an ongoing attack.
Some administrators may disable CDP as a result to make their network more secure at the cost of not being able to benefit from CDP.