One of the NetCraftsmen engineers mentioned a condition in which CDP can potentially leak information, based on a thread on the c-nsp mailing list.
An organization had ‘cdp off’ on a POS1/0/0 interface, which is an STM-16 link. After the encapsulation was changed from ppp to hdlc, IOS automatically turned CDP on for that interface without even a system message. This could be an issue if you are trying to maintain a secure router.
This behavior was documented in CSCso40579, which has been marked closed. CSCso59137 (sev=4) documents the behavior as working as designed. This bug ID will print a CDP status change message when such an event occurs.
Moral of the story: if you want your router to stay secure, always double-check your settings after making configuration updates, since things might change without you knowing it.
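One way to automate that double check, as an added example that is not part of the original post: compare running-config snapshots taken before and after a change and flag any interface whose CDP-disable line has disappeared. It assumes the disabled state shows up as the interface-level line `no cdp enable`; the snapshots, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample snapshots (not from the original post).
BEFORE = """\
interface POS1/0/0
 ip address 192.0.2.1 255.255.255.252
 encapsulation ppp
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
"""
# After the encapsulation change: 'no cdp enable' is gone from POS1/0/0.
AFTER = """\
interface POS1/0/0
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 no cdp enable
!
"""

def interface_blocks(config):
    """Map interface name -> set of its indented sub-command lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = set()
        elif current and line.startswith(" "):
            blocks[current].add(line.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def cdp_reenabled(before, after):
    """Interfaces that had 'no cdp enable' before the change but not after."""
    pre, post = interface_blocks(before), interface_blocks(after)
    return sorted(
        name for name, cmds in pre.items()
        if "no cdp enable" in cmds
        and name in post and "no cdp enable" not in post[name]
    )

if __name__ == "__main__":
    for name in cdp_reenabled(BEFORE, AFTER):
        print(f"WARNING: CDP no longer disabled on {name}")
```

Run it against the saved output of `show running-config` from before and after each change window; an empty result means no interface lost its CDP-disable line.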
Potential Information Leak with CDP
Carole Warner Reece
Architect