Penetration Testing mailing list archives
Re: VLAN Issue
From: Ryan Russell <ryan () securityfocus com>
Date: Tue, 12 Jun 2001 08:28:28 -0600 (MDT)
On Mon, 11 Jun 2001, Damieon Stark wrote:
Just to double check, the network you are working with is using vlan trunking on multiple switches correct? I have commonly met the misconception about that being an issue for VLAN's on just one switch...
The problem does exist with just one switch in at least one instance. On
the Catalyst 5xxx family, a researcher found that they could force 802.1q
frames onto the switch, and some of them would leak through to the VLAN
designated in the frames. Cisco couldn't fix it. The VLAN tags come at
the end of the frame, and under load, the switch would have already
started forwarding the frame before it knew what VLAN it was designated
for.
Many switches fail open (one big bridge.) I've seen many problems with
Cabletron MMAC+ switches, though that was several years ago now. They
even had hard-coded passwords that would turn off all VLAN features, and
turn them into non-VLAN switches, though again I haven't tried that in
years.
Ryan
Current thread:
- VLAN Issue hellNbak (Jun 10)
- Re: VLAN Issue Damieon Stark (Jun 11)
- Re: VLAN Issue Ryan Russell (Jun 12)
- Re: VLAN Issue Damieon Stark (Jun 12)
- Re: VLAN Issue Ryan Russell (Jun 12)
- <Possible follow-ups>
- RE: VLAN Issue Brewis, Mark (Jun 12)
- RE: VLAN Issue Osborne-1, Brett (Jun 12)
- RE: VLAN Issue John . Curran (Jun 13)
- Re: VLAN Issue Damieon Stark (Jun 11)