Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VLAN hopping - demonstration

From: Ulric Eriksson <ulric () siag nu>
Date: Wed, 18 Oct 2006 08:57:27 +0200 (CEST)

On Wed, 18 Oct 2006, Ivan . wrote:


check these out

http://www.packetfactory.net/papers/VLAN-hopping/stake_wp.pdf
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037252.html
http://www.sans.org/resources/idfaq/vlan.php

should get you started
Those documents show that vlan hopping doesn't work on properly configured switches. 


On 10/18/06, dubaisans dubai <dubaisans () gmail com> wrote:
How do you demonstrate VLAN hopping?. I am trying to show this to a customer who has mutliple DMZ segments configured as Layer2 VLANs on a Cisco 6500 switch. There is NO trunk port on this switch but DTP is turned on on all ports.
Is it enough to cascade another L2 switch on an access port [ say VLAN 100] of the 6509, connect a desktop on this second switch and send a packet with different VLAN ID [say VLAN 200] on the 6509. 

Am I on the right track?
The right track would IMHO be to teach the customer how to configure his switch. 

Ulric

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: