[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] VLAN Hopping, myth or reality?

To: Yersinia Authors <yersinia@xxxxxxxxxxxx>
Subject: Re: [Full-disclosure] VLAN Hopping, myth or reality?
From: Mikael Abrahamsson <swmike@xxxxxxxxx>
Date: Tue, 20 Sep 2005 07:10:04 +0200 (CEST)

On Mon, 19 Sep 2005, Yersinia Authors wrote:

We haved tested this attack only against Cisco switches 29xx, so we would be pleased if we received notifications of working attacks in other Cisco modeles, or better, other vendors (which is almost impossible since DTP is Cisco proprietary, but, we've seen HP switches with CDP enabled ;) )

You will most likely be able to do this to any cisco switch that supports DTP. What you're doing is using a misconfiguration, not really a vulnerability. You're not vlan hopping, you're telling the switch that you are a switch and that the interlink should be in trunk mode, and then the other end will give you access to all vlans, if it's configured default from factory.

--
Mikael Abrahamsson    email: swmike@xxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] VLAN Hopping, myth or reality?
  - From: Yersinia Authors

Prev by Date: [Full-disclosure] MDKSA-2005:138-1 - Updated cups packages fix vulnerability
Next by Date: [Full-disclosure] [USN-185-1] CUPS vulnerability
Previous by thread: [Full-disclosure] VLAN Hopping, myth or reality?
Next by thread: [Full-disclosure] MDKSA-2005:138-1 - Updated cups packages fix vulnerability
Index(es):
- Date
- Thread