As an end-user, you should never receive STP BPDU frames from the ISP. The workstation in enterprise networks should not either. It is always a result of misconfiguration or lack of knowledge from network engineers about basics of network security. BPDU can reveal information about your network that can be later used to compromise it. In the worst case, an attacker can impact your system by changing the spanning-tree topology and perform a Man-In-The-Middle attack.
I noticed that my ISP is sending me BPDU frames. Let’s see, using this case real-life scenario, what we can tell about his network.