Instant On - Wired

 View Only
  • 1.  VLAN Hopping Attack

    Posted 05-24-2022 12:24 PM

    Could someone tell me if Aruba InstantOn switch (19XX) are subject to VLAN hopping as described in the following article ?

    VLAN Hopping is an attack where the attacker is able to send traffic from one VLAN into another.

    Double tags: the idea behind the attack is that the attacker is connected to an interface in access mode with the same VLAN as the native untagged VLAN on the trunk. The attacker sends a frame with two 802.1Q tags, the "inner" VLAN tag is the VLAN that we want to reach and the "outer" VLAN tag is the native VLAN. When the switch receives the frame, it will remove the first (native VLAN) 802.1Q tag and forwards the frame with the second 802.1Q tag on its trunk interface(s). The attacker has now "jumped" from the native VLAN to the victim's VLAN.It's a one way trip but it could be used perhaps for a DOS attack.

    Do you suggest to assigning a different VLAN ID to the default VLAN ?

    From what I have understood, assigning the default VLAN to a different VLAN from the standard (1) is mainly done to mitigate this type of vulnerability. If that vulnerability is not exploitable, is it worth changing it anyway?