From: Ulric Eriksson (ulric@siag.nu)
Date: Wed Oct 18 2006 - 02:57:27 EDT
On Wed, 18 Oct 2006, Ivan . wrote:
> check these out
>
> http://www.packetfactory.net/papers/VLAN-hopping/stake_wp.pdf
> http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037252.html
> http://www.sans.org/resources/idfaq/vlan.php
>
> should get you started
Those documents show that vlan hopping doesn't work on properly
configured switches.
> On 10/18/06, dubaisans dubai <dubaisans@gmail.com> wrote:
>> How do you demonstrate VLAN hopping?. I am trying to show this
>> to a customer who has mutliple DMZ segments configured as
>> Layer2 VLANs on a Cisco 6500 switch. There is NO trunk port
>> on this switch but DTP is turned on on all ports.
>>
>> Is it enough to cascade another L2 switch on an access port [
>> say VLAN 100] of the 6509, connect a desktop on this second
>> switch and send a packet with different VLAN ID [say VLAN 200]
>> on the 6509.
>>
>> Am I on the right track?
The right track would IMHO be to teach the customer how to
configure his switch.
Ulric
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT