Description
VLAN Hopping is an exploitation method used to attack a network with multiple VLANs. It is an attack that involves an attacking system to deploy packets. These packets have a destination of a system on a separate VLAN which would, in normal circumstances, not be accessible by the attacker. VLAN Hopping attacks are primarily conducted within the Dynamic Trunking Protocol (DTP). Often, VLAN Hopping attacks are directed at the trunking encapsulation protocol (802.1q or ISL).
Malicious traffic used for VLAN Hopping is tagged with a VLAN ID destined outside the VLAN on which the system conducting the attacks belongs to. An attacker can also attempt to behave and look like a switch, which will negotiate trunking, allowing the attacker to not only send, but receive traffic across more than one VLAN.
There are two common methods of VLAN Hopping; Switch Spoofing and Double Tagging.
Read more »
By IPSECS Admin. Posted in News | Comments Off
Click here to view our old researches. Enjoy!
Common Vulnerabilities and Exposures
http://cve.mitre.org/cgi-bi/cvename.cgi?name=CVE-2009-0065
“Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. “
Ubuntu Security Notice USN-751-1
http://www.ubuntu.com/usn/usn-751-1
“The SCTP stack did not correctly validate FORWARD-TSN packets. A remote attacker could send specially crafted SCTP traffic causing a system crash, leading to a denial of service. (CVE-2009-0065)”
RedHat Security Advisory
http://rhn.redhat.com/errata/RHSA-2009-0331.html
“a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important) ”
Read more »