VLAN Hopping
VLAN Hopping is one of the primary VLAN based attacks used by hackers to infiltrate network security. VLAN hopping is used to attack a network by sending packets to a port which is generally not accessible. VLAN hopping attacks are mainly conducted in the Dynamic Trunking Protocol and, in some cases; the attacks are targeted to the trunking encapsulation protocol (802.1q or ISL). The Dynamic Trunking Protocol is utilized for negotiating trunking on links between devices and the type of trunking encapsulation to be used.
Types of VLAN Hopping
Switch Spoofing
If a network switch is in place for autotrunking, the network attacker manages to configure a system that spoof or passes itself off as a switch. This means that the network attacker is capable of emulating either ISL or 802.1q signaling together with Dynamic Trunk Protocol (DTP) signaling. If successful, the hacker enters into a switch which gives every indication that it has a continuous need to trunk. This allows the attacking system to gain access all the VLANs allowed on the trunk port.
Double Tagging
In this form of VLAN hopping, the attacker tries to send data from one switch to another by sending frames with two 802.1Q headers – one for the victim switch and the other for the attacking switch. The victim switch accepts the frame because it thinks it is supposed to receive the incoming data. The target switch then forwards the frame to the destination based on the VLAN identifier in the second 802.1q header.
Consequences of VLAN Hopping
VLAN hopping can disable any security measures users may have in place on the device which maps routes between the VLAN's. Hackers use VLAN hopping to capture sensitive information such as bank account details and passwords from targeted network subscribers. VLAN hopping is also used by some attackers to corrupt, modify, or delete data from the end user's computer. Another intended use of VLAN hopping is to propagate viruses, worms, Trojan horses, and other malicious programs such as malware and Spyware.
Preventing VLAN Hopping
VLAN hopping can be prevented to some extend by turning off the autotrunking feature of all the switches which do not require trunking and by following specific recommendations from switch suppliers on VLAN security.
You should never use the default VLAN either because VLAN hopping is much more easily accomplished from the default VLAN. A good security measure is to assign all your used interfaces to some VLAN and never using any default VLAN, (typically VLAN 1) for anything.
|
|
- VLAN (Virtual Local Area Network)
VLAN (Virtual Local Area Network) is a logical local area network (or LAN) that extends beyond a single traditional LAN to a group of LAN segments, given specific configurations. Since a VLAN is a logical entity, its creation and configuration is done completely in software. How is a VLAN Identified? Since a VLAN is a [...]...
- Trunking
Traditional radio equipment works because all parties involved in the communication agree on what frequencies they will utilize. Traditional radio scanners work by scanning for and then listening to those frequencies. Trunking radios, on the other hand, constantly renegotiate the frequencies utilized for the conversation. This allows for more efficient utilization of limited frequencies because [...]...
- Cisco Switch Commands
Cisco IOS software is installed in the manageable Cisco switches for better LAN management. It delivers network services and enabled networked applications. The Cisco IOS has a command line interface that helps users to execute the Cisco IOS commands. Cisco Switch Commands The Cisco switch IOS has different EXEC modes with distinctive prompts. These modes [...]...
- Spanning Tree Protocol
Redundant Topology A Local Area Network may consist of more than one segment. Each segment of the LAN connected through a separate physical device mostly switch. Switches use their uplink ports to connect different segments. The LAN administrator can connect the switches with each other through more than one uplink port using redundant topology. Redundant [...]...
- Cisco Switch Configuration
When executing an inter-network installation, many mechanisms and components are usually involved. Cisco is superior because it is the only inter-networking company with a well made end to end inter-networking solution. Cisco switches makes the LAN more competent by creating multiple collision domains. Each switch port is a split collision domain. With only one device [...]...