What happens if an attacker successfully manipulates STP?

Manipulating Spanning Tree Protocol (STP) changes how switches elect the root and which ports are active for forwarding. When an attacker can influence BPDU frames, the network topology can shift to a different path, and switches must reconverge to a new stable tree. That reconvergence takes time and causes frames to traverse different, often longer, routes before the network settles. The result is an observable increase in latency and jitter while the topology reconfigures. Other outcomes like intercepting traffic, bypassing firewalls, or hijacking DNS rely on additional exploits beyond STP manipulation. STP manipulation mainly disrupts the forwarding topology, and the primary immediate effect is the performance hit from reconvergence, i.e., higher latency. To defend against this, networks can use protections such as BPDU guard, root guard, loop guard, and proper monitoring to detect and limit STP tampering.