Security Basics mailing list archives

Re: VALN hopping


From: David Barroso <dbarroso () s21sec com>
Date: Fri, 30 Sep 2005 19:54:14 +0200

We are having a heated discussion about using VLANs as a type of DMZ, so
I am asking the experts.  I personally like to see physical isolation;
however, our network person doesn't feel there is a threat of VLAN
hopping.  Please let me know your opinions.

If they are new devices with up-to-date OS versions it is not very likely
that attacks similar to double encapsulated 802.1q packets will succeed. On
the other hand, if they are not properly configured and/or hardened, other
attacks can be accomplished, like for instance, with Cisco devices, setting
up trunking if DTP settings are poorly configured (see
http://yersinia.sourceforge.net for performing that attack).

--
David Barroso Berrueta 
Not one day goes by that I don't ride, 'til the infinite, the horse of my imagination
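
A defensive check for the DTP misconfiguration mentioned above, as an added example that is not part of the original post: a Python audit of an IOS-style configuration that flags ports still able to negotiate a trunk and trunks whose native VLAN is left at the default. The sample configuration is constructed, and treating a port with no explicit mode as dynamic is an assumption that varies by platform.

```python
# Constructed sample in Cisco IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode dynamic desirable
interface FastEthernet0/3
 switchport access vlan 20
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]} for ports open to trunk negotiation."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "no switchport" in cmds or "shutdown" in cmds:
            continue  # routed or administratively disabled port
        findings = []
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), None)
        # Assumption: a port with no explicit mode runs the platform's dynamic default.
        if mode in (None, "dynamic"):
            findings.append("no static mode: DTP may negotiate a trunk")
        elif mode == "trunk":
            if "switchport nonegotiate" not in cmds:
                findings.append("static trunk without 'switchport nonegotiate'")
            native = next((c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")), "1")
            if native == "1":
                findings.append("native VLAN left at 1")
        if findings:
            report[name] = findings
    return report
```

Running `audit()` over a saved configuration gives a per-interface list of findings to review before VLANs are relied on as a DMZ boundary.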

