VLAN Hopping

VLAN Hopping is an attack in which you gain access to traffic on VLANs which are normally inaccessible. There are two primary ways to achieve this:

VLAN Switch Spoofing: imitate a trunking switch by sending the respective VLAN tag and trunking protocol. A user with a trunk established could hop to any desired VLAN by tagging the frames if no mitigation is enabled.
Double-Tagging VLAN Hop: an 802.1Q frame could be modified to include two VLAN tags; an outer tag with the attackers VLAN and a hidden inner tag with the victim VLAN. When the switch receives this, it removes the outer VLAN tag and forwards the frame to all the ports belonging to the native VLAN.

Last updated 1 month ago

VLAN Hopping is an attack in which you gain access to traffic on VLANs which are normally inaccessible. There are two primary ways to achieve this:

VLAN Switch Spoofing: imitate a trunking switch by sending the respective VLAN tag and trunking protocol. A user with a trunk established could hop to any desired VLAN by tagging the frames if no mitigation is enabled.
Double-Tagging VLAN Hop: an 802.1Q frame could be modified to include two VLAN tags; an outer tag with the attackers VLAN and a hidden inner tag with the victim VLAN. When the switch receives this, it removes the outer VLAN tag and forwards the frame to all the ports belonging to the native VLAN.

Last updated 1 month ago