VLAN Hopping

    • #6946
      T_Bone
      Participant

      Hi

      I want to test the security of VLANs currently in place and would like to know what the best tool is to try and hop from one VLAN to another, i.e. I am on network 192.168.1.x and can see some broadcast traffic on 192.168.2.x, however, I am unable to communicate with any hosts on the 192.168.2 network. Are there any tools that will allow me to do this or at least attempt it?

    • #43143
      hell_razor
      Participant

      I am not aware of any automated tools, but you might be able to find a scapy program/python script to generate the qtags to inject in the header. Many switches do not verify tagged VLANs and will rely on the header info to properly “route” them.
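
A defender-side check for the tagging behaviour described in the post above, as an added example that is not part of the original thread: it walks the 802.1Q tag stack of a captured frame and flags tagged or stacked-tag frames seen on a port that should only carry untagged traffic. The frame bytes, MAC addresses and VLAN IDs 1 and 2 are constructed sample values, and the function names are hypothetical.

```python
import struct

# Tag Protocol Identifiers that introduce a VLAN tag.
TPIDS = {0x8100, 0x88A8}  # 802.1Q customer tag, 802.1ad service tag

def vlan_stack(frame: bytes) -> list:
    """Return the VLAN IDs of all tags in the frame, outermost first."""
    vids = []
    offset = 12  # skip destination MAC (6 bytes) and source MAC (6 bytes)
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break  # reached the real EtherType, no more tags
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids

def audit_access_port(frame: bytes, access_vlan: int) -> str:
    """Classify a frame captured on an access port assigned to access_vlan."""
    vids = vlan_stack(frame)
    if not vids:
        return "ok: untagged"
    if len(vids) >= 2:
        return f"alert: stacked tags {vids} on access port"
    if vids[0] == 0:
        return "ok: priority tag only (VLAN ID 0)"
    if vids[0] != access_vlan:
        return f"alert: tag for VLAN {vids[0]} on port in VLAN {access_vlan}"
    return "warn: host is tagging its own access VLAN"

# Constructed sample frames (not captured traffic): broadcast destination,
# locally administered source MAC, truncated IPv4 payload.
MACS = "ffffffffffff" "020000000001"
UNTAGGED = bytes.fromhex(MACS + "0800" "4500")
SINGLE = bytes.fromhex(MACS + "8100" "0002" "0800" "4500")
DOUBLE = bytes.fromhex(MACS + "8100" "0001" "8100" "0002" "0800" "4500")
PRIORITY = bytes.fromhex(MACS + "8100" "a000" "0800" "4500")

if __name__ == "__main__":
    samples = [("untagged", UNTAGGED), ("single", SINGLE),
               ("double", DOUBLE), ("priority", PRIORITY)]
    for name, frame in samples:
        print(f"{name:9s} {audit_access_port(frame, access_vlan=1)}")
```
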

    • #43144
      ziggy_567
      Participant

      Yersinia has some VLAN hopping capabilities…

    • #43145
      T_Bone
      Participant

      Thanks guys,

      I just checked Yersinia and it looks interesting 🙂

    • #43146
      hell_razor
      Participant

      Totally forgot about Yersinia, thanks Ziggy!

    • #43147
      Darktaurus
      Participant

      You could also use vconfig which I think is included on the later versions of Backtrack by default. It was also a technique used on one of the Skillz challenges here at EthicalHacker.net. It was a very cool challenge too. That might help you out. I would use Wireshark once you have added the tags to your interface to ensure you are seeing what you need to.

      http://www.ethicalhacker.net/content/view/278/2/

    • #43148
      MaXe
      Participant

      @Agoonie wrote:

      You could also use vconfig which I think is included on the later versions of Backtrack by default. It was also a technique used on one of the Skillz challenges here at EthicalHacker.net. It was a very cool challenge too. That might help you out. I would use Wireshark once you have added the tags to your interface to ensure you are seeing what you need to.

      http://www.ethicalhacker.net/content/view/278/2/

      http://vimeo.com/6828914

      Thanks a ton, I actually need to update my knowledge about VLAN networks  ;D

    • #43149
      Darktaurus
      Participant

      No problemo. Also, the Backtrack forum has info on VLANs and SIP too. I cannot remember the link but someone demonstrated a pentest where they got into the network through the VoIP network to bypass NAC. Also, you could use GNS3 to simulate the VLANs, VoIP, etc:

      http://www.backtrack-linux.org/forums/backtrack-howtos/35235-gns3-cisco3745-sip-server-preparation-simulated-voip-attacks.html


Copyright ©2021 Caendra, Inc.
