VLAN Attacks

VLAN Hopping attack (Switch spoofing)

-The attacking host spoofs DTP (Dynamic Trunking Protocol) messages to make the switch port negotiate into trunking mode.

-Once the port is a trunk, the attacking device can send and receive traffic on every VLAN carried by the negotiated trunk.

The attack steps:-

  1. The attacker gains access to a switch port and sends DTP negotiation frames toward a switch port that is running DTP in dynamic auto (or dynamic desirable) mode.
  2. The attacker and the switch negotiate trunking over the port.
  3. The switch allows all VLANs (by default, every VLAN in the allowed list) to traverse the new trunk link.
  4. The attacker sends data to, or collects data from, all VLANs carried on that trunk.

The Mitigation:-

  1. Turn off trunking on all ports except the ones that specifically require it, and configure those as static trunks (switchport mode trunk) rather than leaving them to negotiate.
  2. Configure every end-user port statically as an access port (switchport mode access); a port left in the default dynamic auto mode will accept a trunk negotiation from anything plugged into it.
  3. Disable DTP on those ports (switchport nonegotiate) so the port neither sends nor honours DTP frames.


Double-Tagging VLAN Attack


-An important characteristic of the double-encapsulated (double-tagging) VLAN hopping attack is that it works even when trunking is disabled on the attacker's own port: the attacker sends from an ordinary access port, and the hop happens on the trunk between the two switches. The first switch strips the outer tag because it matches the trunk's native VLAN (native-VLAN traffic is carried untagged), and the second switch then reads the inner tag and forwards the frame into the target VLAN.

-The attacker must be in the native VLAN of the trunk, because the outer tag is only stripped when it matches the native VLAN.

-The attack is unidirectional (one-way): the attacker can push traffic into the target VLAN, for example a malicious payload, but cannot receive replies, since return traffic from the target VLAN is not double-tagged back toward the attacker.

The Mitigation

Change the native VLAN of every trunk to an unused VLAN ID and do not put any device (access port) in that native VLAN. As an additional safeguard, force the native VLAN to be tagged on the trunk (vlan dot1q tag native), so the first switch never sends the attacker's outer-tagged frame untagged and the inner tag is never exposed.
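To make the mechanics of the double-tagging attack and its mitigation concrete, the following Python model is added here; it is not code from the original article. It builds an 802.1Q double-tagged frame with the standard library (struct), then runs it through a two-switch path: SW1 access port, trunk, SW2 trunk port. The switch behaviour it models is an assumption stated in the comments: an access port accepts an untagged frame or one whose outer tag equals its own access VLAN (stripping that tag) and drops other tagged frames; a trunk sends native-VLAN frames untagged unless the native VLAN is forced to be tagged; a receiving trunk classifies a frame by its outermost tag and strips only that one. MAC addresses and the payload are constructed.

```python
"""Model of a double-tagging (double-encapsulated) VLAN hop across two switches.

Added example; switch behaviour modelled here is an assumption, not taken from
the article: an access port accepts an untagged frame, accepts a frame whose
outer 802.1Q tag equals its own access VLAN (and strips that tag), and drops
any other tagged frame; a trunk sends native-VLAN frames untagged unless
'vlan dot1q tag native' is set; a trunk classifies a received frame by its
outermost tag and strips only that tag.
"""
import struct

ETH_P_8021Q = 0x8100   # TPID that introduces an 802.1Q tag
ETH_P_IP = 0x0800      # ethertype of the (constructed) payload


def vlan_tag(vid, pcp=0):
    """4-byte 802.1Q tag: TPID followed by TCI (PCP:3, DEI:1, VID:12)."""
    return struct.pack("!HH", ETH_P_8021Q, (pcp << 13) | (vid & 0x0FFF))


def build_frame(dst, src, vids, payload):
    """Ethernet frame with the given 802.1Q tags stacked outermost-first."""
    tags = b"".join(vlan_tag(v) for v in vids)
    return dst + src + tags + struct.pack("!H", ETH_P_IP) + payload


def parse_frame(frame):
    """Return (dst, src, [vids outermost-first], ethertype, payload)."""
    dst, src, off, vids = frame[:6], frame[6:12], 12, []
    while struct.unpack("!H", frame[off:off + 2])[0] == ETH_P_8021Q:
        vids.append(struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF)
        off += 4
    return dst, src, vids, struct.unpack("!H", frame[off:off + 2])[0], frame[off + 2:]


def strip_outer_tag(frame):
    """Remove the 4 bytes that follow dst+src, i.e. the outermost tag."""
    return frame[:12] + frame[16:]


def access_port_ingress(frame, access_vlan):
    """Frame enters SW1 on an access port. Returns (vlan, frame) or None if dropped."""
    vids = parse_frame(frame)[2]
    if not vids:
        return access_vlan, frame
    if vids[0] != access_vlan:
        return None                                  # tag for a foreign VLAN: dropped
    return access_vlan, strip_outer_tag(frame)       # tag == access VLAN: accepted, tag removed


def trunk_egress(frame, vlan, native_vlan, tag_native=False):
    """SW1 sends the frame over the trunk: native VLAN untagged, every other VLAN tagged."""
    if vlan == native_vlan and not tag_native:
        return frame
    return frame[:12] + vlan_tag(vlan) + frame[12:]


def trunk_ingress(frame, native_vlan):
    """SW2 receives on the trunk: untagged -> native VLAN; tagged -> outermost tag."""
    vids = parse_frame(frame)[2]
    if not vids:
        return native_vlan, frame
    return vids[0], strip_outer_tag(frame)


def simulate(attacker_vlan, native_vlan, target_vlan, tag_native=False):
    """Attacker on an SW1 access port in attacker_vlan sends a frame tagged
    [attacker_vlan, target_vlan]. Return the VLAN SW2 forwards it in, or None
    if SW1 dropped it. Any other outer tag would be dropped at the access port."""
    attacker = bytes.fromhex("02aabbccdd01")         # constructed MAC addresses
    victim = bytes.fromhex("02aabbccdd02")
    frame = build_frame(victim, attacker, [attacker_vlan, target_vlan], b"constructed payload")
    hop = access_port_ingress(frame, attacker_vlan)
    if hop is None:
        return None
    vlan, frame = hop
    frame = trunk_egress(frame, vlan, native_vlan, tag_native)
    vlan, _ = trunk_ingress(frame, native_vlan)
    return vlan


if __name__ == "__main__":
    print("attacker in native VLAN 1, target VLAN 20  ->", simulate(1, 1, 20))
    print("native VLAN moved to unused 999            ->", simulate(1, 999, 20))
    print("native VLAN 1 but tagged on the trunk      ->", simulate(1, 1, 20, tag_native=True))
    print("attacker in VLAN 10, native VLAN 1         ->", simulate(10, 1, 20))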

Ahmed Tarek

Network Security & SOC | FortiGate | ASA | Cisco ISE | NSE4 | CCNP Security | Cisco CyberOps | IBM QRadar | CEH v10 | MCSA | Network Security Content Creator

1 year

Great!

Ahmed Ghallab

Network Security

1 year

Bravo
