Page 3 of 3 FirstFirst 123
Results 21 to 23 of 23

Thread: Hacking VLANs/Packet Stealth

  1. December 17th, 2002, 11:53 AM #21
    Networker
    Networker is offline
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Of course , but changing his MAC address is quite possible ?
    Yuna, do you mean that separate VLAN does not prevent from arp spoofing!?
    Of course it does not, but you'll be only able to spoof mac adresses belonging to default_VLAN!
    Remember that target is on VLAN A.

    I believe (but i'll be very happy to be contradicted on this one) that the only naughty power of the attacker placed on default_vlan is a DoS attack on all VLAN but not compromising the confifentiality of other VLAN than default_vlan.

    Indeed, switch MAC table is common to all VLANs (have a look in the RFC, VLAN are identified in the table thanks to additive parameter vlan_id or tag),

    1- therefore the malicious attacker could flood with a large number of mac adresses (e.g incremental) and force the switch to drop valid mac adresse, temporally denying services to legal users!

    2- the attacker could also duplicate MAC adresses to perturb the MAC table, but normally good switch implementation should prevent from taht risk by first looking at the vlan_id argument before mac adresses => such swich prevent from trouble with duplicate mac on separate VLAN.
    (I'll test it on my lab if I have the opportunity to, but if someone had already done it i'll be glad to know about )
    [shadow] SHARING KNOWLEDGE[/shadow]
    Reply With Quote Reply With Quote
  2. December 17th, 2002, 01:15 PM #22
    yuna_admirer
    yuna_admirer is offline
    Member
    Join Date
    Nov 2002
    Posts
    50
    To Networker : Thanks for acknowledge my idea .
    What i am saying is just that VMPS - dynamic Vlan , are more vulnerable than the static or port-centric one . That's right , MAC address spoofing itself can't be too dangerous if you has a well designed Switch network .
    But in a dynamic VLan enviroment which vlan-membership are asigned by the VMPS server . Hacker always can spoof the VMPS clients (switchs) with VMPS server MAC address OR sniff the VMPS server transaction with clients to have valid MAC address ?
    I've once hacked my own server with this technique . But problem is if you need to hack the VMPS server , you'll need more than MAC spoofing .

    Thanks.
    Let\'s go to Paramount Great America !!!! LFC (LookingForChick)
    Reply With Quote Reply With Quote
  3. December 19th, 2002, 05:36 PM #23
    Networker
    Networker is offline
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    I've been looking for information over the net about VLAN threats and I've found one about Hopping VLAN attack within the SANS site (Note: the paper is 2 years old).

    This attack is a blind attack that allow you to send packets to a VLAN you do not belong to(brrr).

    P.S. I've written a tutorial on L2P attacks and mitigation I learned about => threadid=237836
    [shadow] SHARING KNOWLEDGE[/shadow]
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules