Virtual Local Area Networking hopping is a computer security exploit, which is a method of attacking networked resources on a VLAN. The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN in order to gain access to traffic on other VLAN is that would normally not be accessible. There are two main methods of Virtual LAN hopping namely:
Switch spoofing - this is where an attacking host that is capable of speaking the tagging and trucking protocols used in maintaining a VLAN imitates a trunking switch and this will mean that the traffic for multiple VLAN's can now be accessible to the attacking host. If a network switch is in place for autotrunking, the attacker will manage to configure a system spoof or pass itself off as a switch and this will mean that the attacker will be capable of emulating either 802.1q or ISL signaling together with Dynamic Trunk Protocol signaling. If the hacker succeeds, they will enter a switch that gives every indication that it has a continuous need to trunk and this will allow the attacking system to be able to gain access on all the VLANs allowed on the specific truck port.
Double tagging - this is where an attacking host prepends two VLAN tags to packets that it transmits. A first switch the packet encounters strips off the first header and the packet is then forwarded. The second false header is then visible to the second switch that the packet encounters. The false VLAN header will indicate that the packet is destined for a host on a second target VLAN and then the packet is sent to the target host as though it were layer 2 traffic. Using this method the attacking host can by pass layer 3 security measures that are used to logically isolate hosts from each other.
Virtual LAN hopping is one of the primary VLAN based attacks used by hackers to infiltrate network security. This attack is used for attacking a network by sending packets to a port, which is generally not accessible. The attacks are mainly conducted in the Dynamic Trunking Protocol and in other cases; the attacks are targeted to the trunking encapsulation protocol 802.1q or ISL. The dynamic trunking protocol is utilized for negotiating trunking on links that are between devices and the type of trunking encapsulation to be used. Virtual LAN hopping may disable some of the security measures that users may have in place on the device, which maps routes between the VLAN's.
Hackers will use this to capture sensitive information like bank account details as well as passwords from targeted network subscribers. Virtual LAN hopping can also be used by some attackers to modify, corrupt or delete data from the end user's computer. Other uses of Virtual LAN hopping are to propagate worms, viruses, Trojan horses as well as other malicious programs that may include malware and Spyware. Virtual LAN hopping can be prevented to some extend by turning off auto trunking feature of all the switches that do not require trunking and this should follow the specific recommendations from switch suppliers on VLAN security.
Author Resource:
This article touched the basics of the topic. I have 2 more resources related to the above. They are vlan and vlan hopping . They are worth a read.