Cisco CloudCenter: Get the Hybrid IT Advantage

Virtual Local Area Network Hopping (VLAN Hopping)

Definition - What does Virtual Local Area Network Hopping (VLAN Hopping) mean?

Virtual local area network hopping (VLAN hopping) is a computer security exploit method for attacking computer resources that are connected on a virtual LAN (VLAN). The concept of VLAN hopping is to gain access to other VLANs that are present on the same network to which the hacker already has access. The attacker must have access to at least a single VLAN on the network to use as a base of operations from which to attack other VLANs.

Techopedia explains Virtual Local Area Network Hopping (VLAN Hopping)

Gaining access to VLANs is one of the most significant ways to compromise network security, which gives the attacker almost total control. VLANs use a process called trunking, where a VLAN's switches are set so that they look for specific channels to send and receive data. Attackers use this process as a back door to infiltrate other VLANs in the network.

There are two methods of attack. The first exploits autotrunking, although this is not available or activated on all switches. The attacker makes the trunk switch constantly, providing access to all VLANs allowed on the trunk port and allowing the attacker to choose one. This is called switch spoofing.

The second method involves sending data frames with the 802.1Q tags to two switches - the attacking switch and victim switch. The victim switch is tricked into behaving as if the frame is intended for it and then sends it along to the other VLANs. When the attacker gains access to the VLAN, he is able to do almost anything - as if he were at the terminal - such as copying/deleting files, uploading viruses, installing other applications or even changing settings.

Share this: