VLAN Hopping Flashcards
VLAN hopping
• Define different VLANs
- You only have access to your VLAN
- Good security best practice
• “Hop” to another VLAN - this shouldn’t happen
- Two primary methods
- Switch spoofing and double tagging
Switch spoofing
• Some switches support automatic configuration
• Is the switch port for a device, or is it a trunk?
- There’s no authentication required
- Pretend to be a switch
- Send trunk negotiation
• Now you’ve got a trunk link to a switch
• Send and receive from any configured VLAN
• Switch administrators should disable trunk negotiation
• Administratively configure trunk interfaces and device/access interfaces
Double tagging
• Craft a packet that includes two VLAN tags
• Takes advantage of the “native” VLAN configuration
• The first native VLAN tag is removed by the first switch
• The second “fake” tag is now visible to the second switch
• Packet is forwarded to the target
• This is a one-way trip
• Responses don’t have a way back to the source host
• Don’t put any devices on the native VLAN
• Change the native VLAN ID
• Force tagging of the native VLAN