Re: VLAN hopping - demonstration

From: "Ivan ." <ivanhec@xxxxxxxxx>
Date: Wed, 18 Oct 2006 08:58:40 +1000

check these out

http://www.packetfactory.net/papers/VLAN-hopping/stake_wp.pdf
http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037252.html
http://www.sans.org/resources/idfaq/vlan.php

should get you started

cheers
Ivan

On 10/18/06, dubaisans dubai <dubaisans@xxxxxxxxx> wrote:

How do you demonstrate VLAN hopping?. I am trying to show this to a
customer who has mutliple DMZ segments configured as Layer2 VLANs on a
Cisco 6500 switch. There is NO trunk port on this switch but DTP is
turned on on all ports.

Is it enough to cascade another L2 switch on an access port [ say VLAN
100] of the 6509, connect a desktop on this second switch and send a
packet with different VLAN ID [say VLAN 200] on the 6509.

Am I on the right track?

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Follow-Ups:
- Re: VLAN hopping - demonstration
  - From: Ulric Eriksson

References:
- VLAN hopping - demonstration
  - From: dubaisans dubai

Prev by Date: RE: BruteForcing?
Next by Date: Re: VLAN hopping - demonstration
Previous by thread: VLAN hopping - demonstration
Next by thread: Re: VLAN hopping - demonstration
Index(es):
- Date
- Thread

Relevant Pages

VLAN hopping - demonstration
... Cisco 6500 switch. ... Is it enough to cascade another L2 switch on an access port [say VLAN ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: VLAN hopping - demonstration
... Delete selected VLAN ... Cisco 6500 switch. ... Is it enough to cascade another L2 switch on an access port [say VLAN ... Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
Re: When cat comes chasing...
... >The connection between the two buildings has been recently upgraded to 100 ... I reset any switch, the problem gets resolved. ... >Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)
RE: unswitched behavior of a switched network...
... I've let the last few posts on this subject today go through (you'll be ... why would a switch that is processing a session between two endpoints ... Cenzic Hailstorm finds vulnerabilities fast. ... Click the link to buy it, try it or download Hailstorm for FREE. ...
(Pen-Test)
Re: Locating switches in a multi-layer switching environment
... behind the floor switch in the one vlan. ... but is only visible on the management VLAN. ... Discover the location of every switch in the network. ... > Cenzic Hailstorm finds vulnerabilities fast. ...
(Pen-Test)