-
December 17th, 2002, 11:53 AM
#21
Of course , but changing his MAC address is quite possible ?
Yuna, do you mean that separate VLAN does not prevent from arp spoofing!?
Of course it does not, but you'll be only able to spoof mac adresses belonging to default_VLAN!
Remember that target is on VLAN A.
I believe (but i'll be very happy to be contradicted on this one) that the only naughty power of the attacker placed on default_vlan is a DoS attack on all VLAN but not compromising the confifentiality of other VLAN than default_vlan.
Indeed, switch MAC table is common to all VLANs (have a look in the RFC, VLAN are identified in the table thanks to additive parameter vlan_id or tag),
1- therefore the malicious attacker could flood with a large number of mac adresses (e.g incremental) and force the switch to drop valid mac adresse, temporally denying services to legal users!
2- the attacker could also duplicate MAC adresses to perturb the MAC table, but normally good switch implementation should prevent from taht risk by first looking at the vlan_id argument before mac adresses => such swich prevent from trouble with duplicate mac on separate VLAN.
(I'll test it on my lab if I have the opportunity to, but if someone had already done it i'll be glad to know about )
[shadow] SHARING KNOWLEDGE[/shadow]
-
December 17th, 2002, 01:15 PM
#22
Member
To Networker : Thanks for acknowledge my idea .
What i am saying is just that VMPS - dynamic Vlan , are more vulnerable than the static or port-centric one . That's right , MAC address spoofing itself can't be too dangerous if you has a well designed Switch network .
But in a dynamic VLan enviroment which vlan-membership are asigned by the VMPS server . Hacker always can spoof the VMPS clients (switchs) with VMPS server MAC address OR sniff the VMPS server transaction with clients to have valid MAC address ?
I've once hacked my own server with this technique . But problem is if you need to hack the VMPS server , you'll need more than MAC spoofing .
Thanks.
Let\'s go to Paramount Great America !!!! LFC (LookingForChick)
-
December 19th, 2002, 05:36 PM
#23
I've been looking for information over the net about VLAN threats and I've found one about Hopping VLAN attack within the SANS site (Note: the paper is 2 years old).
This attack is a blind attack that allow you to send packets to a VLAN you do not belong to(brrr).
P.S. I've written a tutorial on L2P attacks and mitigation I learned about => threadid=237836
[shadow] SHARING KNOWLEDGE[/shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|