Sunday 14 September 2014

VLAN HACKING


Hello all,

This post illustrates how an attacker on one VLAN can gain unauthorized access to another VLAN on a Cisco switch.

Let us create a scenario: a company has 4 departments, Marketing, Sales, Accounts and IT, assigned VLAN IDs 1-4 respectively. The switch is configured so that devices in one VLAN cannot communicate with devices in the others, to maintain confidentiality.
With this in place, an internal attacker in the Marketing department cannot sniff packets from any other department. But if the switch is not configured effectively, the attacker in Marketing may be able to sniff data from any other department and leak company details to a competitor, or simply leverage that access to reach other servers or applications running on other VLANs. The attacker can achieve this in two ways: the first method is called double tagging and the second is called switch spoofing.
This way of breaking through the VLAN boundary is called VLAN hopping. VLAN hopping is a Layer 2 attack and one of the important tests that a penetration tester should conduct during internal network testing.
Watch the video first; I will then briefly explain how it works and how to protect against it.


The tools used are tshark, arp-scan and Yersinia.

Mitigation:
* Reconfigure the switch to disable trunking on all ports that do not require it; this prevents switch spoofing.
* Also disable DTP on the ports that do need to be trunks.

Reference: http://en.wikipedia.org/wiki/VLAN_hopping
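One way to check a switch against the two mitigation points above, as an added example that is not part of the original post: a Python audit of a Cisco IOS running-config for ports that still negotiate or advertise trunking. The config excerpt and interface names are constructed, and the function name `audit_dtp` is hypothetical; it assumes every stanza in the input is a Layer 2 switchport.

```python
import re

# Constructed running-config excerpt (not from the post); interface names are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description marketing-desk
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 description sales-desk
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/3
 description accounts-desk
 switchport access vlan 3
!
interface GigabitEthernet0/23
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport nonegotiate
!
"""

def audit_dtp(config):
    """Return {interface: finding} for ports where DTP could still form or advertise a trunk."""
    findings = {}
    # Assumption: every stanza is a Layer 2 switchport (no SVIs or routed ports in the input).
    # Split into interface stanzas: header line plus its indented body.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        mode = next((l.split("switchport mode ", 1)[1] for l in lines
                     if l.startswith("switchport mode ")), None)
        if mode == "access":
            continue  # trunking disabled on this port
        if mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings[name] = "trunk port still running DTP (add 'switchport nonegotiate')"
        elif mode is None:
            findings[name] = "no explicit mode; platform default may negotiate a trunk"
        else:
            findings[name] = f"mode '{mode}' negotiates trunking via DTP"
    return findings

if __name__ == "__main__":
    for port, issue in audit_dtp(SAMPLE_CONFIG).items():
        print(f"{port}: {issue}")
```

Note that GigabitEthernet0/3 is flagged even though it has an access VLAN assigned: without `switchport mode access` the port is not forced out of trunk negotiation.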
