I was just wondering if there is any possible way to break out of a v-lan, as long as everything is being packetfiltered to port 80, no ssh, telnet etc.
considering it's usually a switch-based technology, the end result will depend on what switch (or switched router) is being used?
some generic questions to ask in the approach:
would arp-spoofing/poisoning be of use?
who assigns the vlan id (host or switch)? - if it's a switch how is it assigned and how is it maintained?
is the switch isolating (and/or switching) at the physical or network layer?
Hum.. good question...
Depending on how the vlan is configured (pvid or .q vlans trunks...) it might be possible if you have a NIC like the intel pro/100 that can bind to a vlan... The switch would have to be loosely configured though...
Ammo
Although arp-poisoning or spoofing could work, just out of curiosity, why do you want to hack out of your current vlan? Are we talking about an ISP vlan or a corp network?
...aberration...
I doubt that arp-poisoning or spoofing would work as the vlans are not bound in any way to ip addresses...
Ammo
hmm,
I am currently working with vlans on a 3com switch, they can be configured by port on the switch, so that if your traffic arrives at the switch on a certain connection, it doesn't matter what your mac address or ip address is.
Exactly...
The only way I see you could escape the assigned vlan is if you were in .q vlans on a trunk link, then you might be able to get around it by setting the vlan id on a NIC that supports vlans like the intel pro/100....
Ammo
you're somewhat correct, the focus being on the physical aspect of arp rather than the network aspect. while being ip independent, vlan ids are occasionally bound to mac addresses.
Quote:
I doubt that arp-poisoning or spoofing would work as the vlans are not bound in any way to ip addresses...
Quote:
I am currently working with vlans on a 3com switch, they can be configured by port on the switch, so that if your traffic arrives at the switch on a certain connection, it doesn't matter what your mac address or ip address is.
and per IchNiSan's comment - how it's configured.
Quote:
the end result will depend on what switch (or switched router) is being used?
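Added example, not part of the thread: the posts above turn on whether a host on a port-assigned VLAN can hand the switch its own .q tag, so this Python sketch shows a check a defender could run over frames captured on a port that is meant to be an untagged access port. The function names, the sample frames and the access VLAN 10 are assumptions made up for the illustration; it also goes slightly beyond the thread by reading every tag in the frame and by treating a VLAN ID of 0 (priority tag only) as harmless.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def vlan_tags(frame: bytes) -> list:
    """Return the VLAN ID of every tag in the frame, outermost first."""
    vids, off = [], 12  # the first 12 bytes are destination and source MAC
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated Ethernet header")
        (tpid,) = struct.unpack_from("!H", frame, off)
        if tpid not in TPIDS:
            return vids  # reached the real EtherType
        if len(frame) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        off += 4

def audit_access_frame(frame: bytes, port_vlan: int) -> str:
    """Classify a frame seen on a port that should only carry untagged traffic."""
    vids = vlan_tags(frame)
    if not vids:
        return "ok: untagged"
    if vids == [0]:
        return "ok: priority tag only"
    if vids == [port_vlan]:
        return "warn: host tagged its own VLAN"
    return f"alert: host-supplied VLAN tag(s) {vids}"

def build_frame(*vids: int) -> bytes:
    """Constructed sample: broadcast frame, made-up source MAC, IPv4 EtherType."""
    hdr = bytes.fromhex("ffffffffffff" "020000000001")
    for vid in vids:
        hdr += struct.pack("!HH", 0x8100, vid)
    return hdr + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    for tags in [(), (0,), (10,), (20,), (10, 20)]:
        print(tags, "->", audit_access_frame(build_frame(*tags), port_vlan=10))
```
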