Hacking VLANs/Packet Stealth

Quote:

---

Of course , but changing his MAC address is quite possible ?

---

Yuna, do you mean that separate VLAN does not prevent from arp spoofing!?
Of course it does not, but you'll be only able to spoof mac adresses belonging to default_VLAN!
Remember that target is on VLAN A.

I believe (but i'll be very happy to be contradicted on this one) that the only naughty power of the attacker placed on default_vlan is a DoS attack on all VLAN but not compromising the confifentiality of other VLAN than default_vlan.

Indeed, switch MAC table is common to all VLANs (have a look in the RFC, VLAN are identified in the table thanks to additive parameter vlan_id or tag),

1- therefore the malicious attacker could flood with a large number of mac adresses (e.g incremental) and force the switch to drop valid mac adresse, temporally denying services to legal users!

2- the attacker could also duplicate MAC adresses to perturb the MAC table, but normally good switch implementation should prevent from taht risk by first looking at the vlan_id argument before mac adresses => such swich prevent from trouble with duplicate mac on separate VLAN.
(I'll test it on my lab if I have the opportunity to, but if someone had already done it i'll be glad to know about :D )

To Networker : Thanks for acknowledge my idea .
What i am saying is just that VMPS - dynamic Vlan , are more vulnerable than the static or port-centric one . That's right , MAC address spoofing itself can't be too dangerous if you has a well designed Switch network .
But in a dynamic VLan enviroment which vlan-membership are asigned by the VMPS server . Hacker always can spoof the VMPS clients (switchs) with VMPS server MAC address OR sniff the VMPS server transaction with clients to have valid MAC address ?
I've once hacked my own server with this technique . But problem is if you need to hack the VMPS server , you'll need more than MAC spoofing .

Thanks.

I've been looking for information over the net about VLAN threats and I've found one about Hopping VLAN attack within the SANS site (Note: the paper is 2 years old).

This attack is a blind attack that allow you to send packets to a VLAN you do not belong to(brrr).

P.S. I've written a tutorial on L2P attacks and mitigation I learned about => threadid=237836 ;)