Buffer overflow, cross site scripting and sql injection have had their share of the spotlight,
I have recently decided to give more attention to layer two issues and share my findings.
Some of the reasons that attracted me to layer two security is that there is a high percentage of insiders attacks by employees, the threat is under estimated and what is within the LAN is considered “trusted”. Also more broadband providers deploy network access based exclusively on layer two (for fast recovery, the average convergence time for RSTP is far greater than OSPF and EIGRP ).