VLAN hopping definition
VLAN hopping is an exploit that lets an attacker gain unauthorized access to a Virtual Local Area Network (VLAN).
There are two primary types of VLAN hopping attacks:
- Switch spoofing. That attacker configures a malicious device to impersonate a switch. The malicious switch then forms a trunking link with the adjacent switch, which enables the attacker to access all VLANs allowed on the trunk link.
- Double tagging. The attacker applies two VLAN tags to the packets. The first tag matches the VLAN ID of the attacker’s VLAN, which the first switch strips off. The second switch then forwards the packet to the VLAN specified by the remaining tag, allowing the packet to hop from the attacker’s VLAN to the victim’s VLAN.
Dangers of VLAN hopping
- Data breaches. Since VLAN hopping leads to unauthorized access to sensitive data, it can result in data breaches. This can have serious implications, especially for organizations that handle personal data, confidential business information, or other sensitive information.
- Network disruption. An attacker who successfully executes a VLAN hopping attack can disrupt the functioning of the network, resulting in service outages, slowing down the network, and other operational issues.
- Privilege escalation. If an attacker hops onto a VLAN containing servers or other resources with administrative privileges, they potentially escalate their privileges within the network.
- Bypassing security measures. VLANs are often used as a security measure to isolate different parts of a network from each other. A successful VLAN hopping attack can bypass this security measure, rendering it ineffective and potentially exposing all parts of the network to attack.
To mitigate these dangers, it’s important to follow good network security practices: properly configure VLANs and switches, limit the use of dynamic trunking, implement private VLANs for untrusted interfaces, and regularly monitor and audit network activity for signs of unusual or malicious activity.