Disable Cisco CDP!
Whilst the CCNA Security exam recommends disabling CDP in the production environment, I felt it didn’t really explain in depth why it’s a good idea. I mean sure, they mention that information about the device is leaked, but what information exactly is leaked? I ran a Wireshark capture to find out!
I think the above screenshot of the CDP message explains it enough… You can see the native VLAN, which can be used in VLAN hopping attacks; the local subnet in use (in my case a standard /24); and you get extremely valuable information about the IOS version running on the router itself!
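
To audit the same fields without reading a screenshot, the sketch below walks the TLVs of a CDP payload and pulls out the native VLAN, IP prefix and software version. It is an added example, not part of the original post; the TLV type numbers are the ones Wireshark's CDP dissector labels, and the sample payload (hostname, version string, platform, subnet, VLAN) is constructed.

```python
import ipaddress
import struct

# CDP TLV type codes for the fields the post calls out
TLV_DEVICE_ID, TLV_SOFTWARE, TLV_PLATFORM = 0x0001, 0x0005, 0x0006
TLV_IP_PREFIX, TLV_NATIVE_VLAN = 0x0007, 0x000A
TEXT_TLVS = {TLV_DEVICE_ID: "device_id", TLV_SOFTWARE: "software_version",
             TLV_PLATFORM: "platform"}

def parse_cdp(payload: bytes) -> dict:
    """Walk the TLVs of a CDP payload (the bytes after the LLC/SNAP header)."""
    if len(payload) < 4:
        raise ValueError("truncated CDP header")
    version, ttl, _checksum = struct.unpack_from("!BBH", payload, 0)  # checksum not verified
    leaked = {"cdp_version": version, "ttl": ttl}
    offset = 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        # tlv_len includes the 4-byte TLV header: reject values that stall or overrun
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {offset}")
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type in TEXT_TLVS:
            leaked[TEXT_TLVS[tlv_type]] = value.decode("ascii", "replace")
        elif tlv_type == TLV_IP_PREFIX:  # entries of 4-byte network + 1-byte prefix length
            leaked["ip_prefixes"] = [
                f"{ipaddress.IPv4Address(value[i:i + 4])}/{value[i + 4]}"
                for i in range(0, len(value) - 4, 5)]
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            leaked["native_vlan"] = struct.unpack("!H", value)[0]
        offset += tlv_len
    return leaked

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV for the constructed sample below."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

# Constructed sample payload: hostname, version string, platform, subnet and VLAN are made up
SAMPLE = (struct.pack("!BBH", 2, 180, 0)
          + tlv(TLV_DEVICE_ID, b"lab-rtr-01")
          + tlv(TLV_SOFTWARE, b"Cisco IOS Software, Version X.Y (constructed)")
          + tlv(TLV_PLATFORM, b"EXAMPLE-PLATFORM")
          + tlv(TLV_IP_PREFIX, bytes([192, 0, 2, 0, 24]))
          + tlv(TLV_NATIVE_VLAN, struct.pack("!H", 99)))

if __name__ == "__main__":
    for field, val in parse_cdp(SAMPLE).items():
        print(f"{field}: {val}")
```

Every field it prints is sent in cleartext to anything attached to the port, which is the exposure that disabling CDP on untrusted interfaces removes.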