• Define different VLANs You only have access to your VLAN Good security best practice • “Hop” to another VLAN - this shouldn’t happen Two primary methods Switch spoofing and double tagging

• Some switches support automatic configuration • Is the switch port for a device, or is it a trunk? There’s no authentication required Pretend to be a switch Send trunk negotiation • Now you’ve got a trunk link to a switch • Send and receive from any configured VLAN • Switch administrators should disable trunk negotiation • Administratively configure trunk interfaces and device/access interfaces

VLAN Hopping Flashcards by Pat Man

VLAN hopping

• Define different VLANs

You only have access to your VLAN
- Good security best practice

• “Hop” to another VLAN - this shouldn’t
happen

Two primary methods
- Switch spoofing and double tagging

How well did you know this?

Not at all

Perfectly

Switch spoofing

• Some switches support automatic
configuration
• Is the switch port for a device, or is it a
trunk?

There’s no authentication required
Pretend to be a switch
Send trunk negotiation

• Now you’ve got a trunk link to a switch
• Send and receive from any configured
VLAN

• Switch administrators should disable
trunk negotiation
• Administratively configure trunk
interfaces and device/access interfaces

How well did you know this?

Not at all

Perfectly

Double tagging

• Craft a packet that includes two VLAN
tags
• Takes advantage of the “native” VLAN
configuration

• The first native VLAN tag is removed by
the first switch
• The second “fake” tag is now visible to
the second switch
• Packet is forwarded to the target

• This is a one-way trip
• Responses don’t have a way back to
the source host

• Don’t put any devices on the native
VLAN
• Change the native VLAN ID
• Force tagging of the native VLAN

How well did you know this?

Not at all

Perfectly

Brainscape's Knowledge GenomeTM

VLAN Hopping Flashcards

Brainscape's Knowledge Genome^TM