Cisco CCNP Certification / BCMSN Exam: Defending Against VLAN Hopping Attacks
- Date: 2007-05-23 - Word Count: 326
During our Cisco CCNP BCMSN certification exam preparation, we've seen how intruders can turn seemingly innocent ARP and DHCP processes against our network, so it shouldn't come as any surprise that dot1q tagging can be used against us as well!
One form of VLAN Hopping is double tagging, so named because the intruder will transmit frames that are "double tagged" with two separate VLAN IDs. As you'll see in our example, certain circumstances must exist for a double tagging attack to be successful:
The intruder's host device must be attached to an access port.
The VLAN assigned to that access port must be the same as the native VLAN of the dot1q trunk the frame will cross.
The term "native VLAN" tips us off to the third requirement - dot1q must be the trunking protocol in use, since ISL doesn't use the native VLAN.
When the rogue host transmits a frame, that frame carries two dot1q tags. The outer tag carries the native VLAN ID, and the inner tag carries the ID of the VLAN under attack. In this example, we'll assume the VLAN under attack is VLAN 100, with the native VLAN set as VLAN 25.
The switch receiving this double-tagged frame on the access port treats it as a VLAN 25 frame and strips the outer tag. When it forwards the frame out the dot1q trunk, VLAN 25 is the native VLAN, so no tag is added and the frame crosses the trunk untagged as far as that switch is concerned - but the tag for VLAN 100 is still there, and it is now the first tag in the frame!
When the switch on the other side of the trunk receives that frame, it sees a dot1q tag for VLAN 100 and forwards the frame to ports in that VLAN. The rogue has successfully fooled both switches and has hopped from VLAN 25 to VLAN 100. Note that this works in one direction only: replies from hosts in VLAN 100 stay in VLAN 100 and never come back to the rogue, so the attack is limited to blindly injecting traffic into a VLAN the rogue should never be able to reach.
This is why you often see the native VLAN of a dot1q trunk set to a VLAN that no host on the network is a member of - for example, switchport trunk native vlan 999 on every trunk port, with VLAN 999 assigned to no access port at all. Now a frame arriving with an outer tag of 25 gets a VLAN 25 tag added when it crosses the trunk, the far switch strips that tag and keeps the frame in VLAN 25, and the inner VLAN 100 tag is never acted on. Cisco switches can also be told to tag native VLAN frames on all trunks with the global command vlan dot1q tag native, which has the same effect (configure it on both ends of every trunk, or native VLAN traffic will be mishandled). Either approach stops this version of VLAN Hopping right in its tracks.
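To make the tag handling concrete, here is an added Python model that is not part of the original tutorial and not Cisco's code. It builds a double-tagged Ethernet frame at the byte level and walks it through a simplified access port, dot1q trunk egress and trunk ingress, first with the vulnerable native VLAN 25 and then with the two fixes above. The switch behaviour, the MAC addresses and the payload are assumptions made for the example; in particular it assumes the access port accepts a tagged frame whose VID equals its access VLAN, which is the behaviour the attack depends on.

```python
import struct

TPID_8021Q = 0x8100      # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def build_frame(dst, src, vids, ethertype=ETHERTYPE_IPV4, payload=b""):
    """Ethernet II frame with zero or more stacked 802.1Q tags, outermost first."""
    hdr = mac(dst) + mac(src)
    for vid in vids:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)   # PCP/DEI bits left at 0
    return hdr + struct.pack("!H", ethertype) + payload


def peek_tag(frame):
    """VID of the outermost 802.1Q tag, or None if the frame is untagged."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF


def pop_tag(frame):
    return frame[:12] + frame[16:]


def push_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) + frame[12:]


def access_ingress(frame, access_vlan):
    """Access port on switch A. Untagged frames belong to access_vlan. A frame
    tagged with access_vlan is accepted with that tag stripped (assumption that
    models the behaviour the attack relies on); any other tag is dropped."""
    vid = peek_tag(frame)
    if vid is None:
        return access_vlan, frame
    if vid == access_vlan:
        return access_vlan, pop_tag(frame)
    return None, None


def trunk_egress(vlan, frame, native_vlan, tag_native=False):
    """dot1q trunk leaving switch A: native VLAN goes out untagged unless
    native tagging (vlan dot1q tag native) is on; everything else gets a tag."""
    if vlan == native_vlan and not tag_native:
        return frame
    return push_tag(frame, vlan)


def trunk_ingress(frame, native_vlan):
    """dot1q trunk entering switch B: an untagged frame is native, otherwise the
    first tag decides the VLAN and is removed."""
    vid = peek_tag(frame)
    if vid is None:
        return native_vlan, frame
    return vid, pop_tag(frame)


def hop(access_vlan, native_vlan, target_vlan, tag_native=False):
    """Send one double-tagged frame from the rogue's access port on switch A
    across the trunk and return the VLAN switch B forwards it in (None = dropped)."""
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55",   # constructed addresses
                        [access_vlan, target_vlan], payload=b"constructed payload")
    vlan, frame = access_ingress(frame, access_vlan)
    if vlan is None:
        return None
    wire = trunk_egress(vlan, frame, native_vlan, tag_native)
    vlan_b, _ = trunk_ingress(wire, native_vlan)
    return vlan_b


if __name__ == "__main__":
    print("native 25, rogue in 25, target 100 ->", hop(25, 25, 100))                 # 100: hopped
    print("native 999 (unused), rogue in 25    ->", hop(25, 999, 100))                # 25: contained
    print("native 25 but tagged on trunk       ->", hop(25, 25, 100, tag_native=True))  # 25: contained
```

The first call reproduces the hop: the outer VLAN 25 tag is consumed by switch A and nothing replaces it on the native VLAN, so switch B reads the VLAN 100 tag. With an unused native VLAN, or with native tagging enabled, switch A always adds a VLAN 25 tag on the trunk, switch B removes exactly that one, and the frame stays in VLAN 25 with the rogue's inner tag never reaching the VLAN 100 decision.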
Notice that I said "this version". We'll take a look at another VLAN Hopping tactic in the next installment of my Cisco CCNP BCMSN certification exam tutorial series!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage.