[11711] in bugtraq


Re: VLAN Security

daemon@ATHENA.MIT.EDU (Stefan Stefanov)
Tue Sep 7 11:43:13 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:  <37CF858A.FAD4C8F1@orbitel.bg>
Date:         Fri, 3 Sep 1999 11:23:38 +0300
Reply-To: Stefan Stefanov <sstefanov@ORBITEL.BG>
From: Stefan Stefanov <sstefanov@ORBITEL.BG>
X-To:         bugtraq@SIS.ALPHAWEST.COM.AU
To: BUGTRAQ@SECURITYFOCUS.COM

bugtraq@SIS.ALPHAWEST.COM.AU wrote:
>
> To Bugtraq,
>
> We have recently conducted some testing into the security of the
> implementation of VLANs on a pair of Cisco Catalyst 2900 series
> switches and we feel that the results of this testing might be of some
> value to the readers.  Testing basically involved  injecting 802.1q
> frames with forged VLAN identifiers into the switch in an attempt to
> get the frame to jump VLANs.  A brief background is included below for
> those that might not be too familiar with VLANs.  Others should skip
> to the end for the results.
>

Interesting proposal, but I think it is more or less Cisco-specific.
Here I have a BayStack 350T-24 running software revision 1.0.0.2.
According to the documentation the switch has the following feature that
can be configured on a per-port basis:

Filter Tagged Frames: Allows you to set this port to filter (discard)
all received tagged packets.

I think all Ethernet switches should filter all tagged frames when a
port is not a trunk port. This way a machine that is connected to a
non-trunked port should not be able to send frames with 802.1q tags in them.

In your example the switch should have filtered the tagged frames.

--
Best Regards,

Stefan Stefanov
Orbitel Ltd.
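The following is an added example (editor's code, not part of the original post, and not taken from any Bay or Cisco documentation) that models the ingress rule discussed in this thread. It parses an Ethernet frame far enough to see whether it carries an 802.1q tag, then applies a per-port policy: a port with "Filter Tagged Frames" set discards every tagged frame, a trunk port accepts tagged frames only for its allowed VLANs, and a non-trunk port that does not filter honours the attacker-supplied tag, which is exactly the VLAN jump the original post tested for. The port table, the frame contents and the field names (`filter_tagged`, `allowed_vlans`, `pvid`) are constructed for the example; the `audit_port_config` function shows the check an administrator would run to find non-trunk ports that lack the filter.

```python
import struct

TPID_8021Q = 0x8100  # Ethertype value that announces an IEEE 802.1Q tag


def parse_ethernet(frame: bytes) -> dict:
    """Parse the Ethernet header plus an optional 802.1Q tag (TPID, TCI)."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": True,
                "vlan_id": tci & 0x0FFF, "priority": tci >> 13,
                "ethertype": inner_type, "payload": frame[18:]}
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tagged": False,
            "vlan_id": None, "priority": None,
            "ethertype": ethertype, "payload": frame[14:]}


def ingress_decision(port: dict, frame: bytes) -> tuple:
    """Decide what a switch port does with a received frame.

    Returns ("forward", vlan_id) or ("discard", reason).  The rules model
    the 'Filter Tagged Frames' option described in the thread.
    """
    info = parse_ethernet(frame)
    if not info["tagged"]:
        # Untagged traffic is always placed on the port's native VLAN (PVID).
        return ("forward", port["pvid"])
    if port["filter_tagged"]:
        # The option from the BayStack manual: drop every tagged frame.
        return ("discard", "tagged-frame-filtered")
    if port["trunk"] and info["vlan_id"] not in port["allowed_vlans"]:
        return ("discard", "vlan-not-allowed-on-trunk")
    # Tag honoured.  On a trunk this is normal; on a non-trunk port that
    # does not filter, the sender has just chosen its own VLAN.
    return ("forward", info["vlan_id"])


def audit_port_config(ports: dict) -> list:
    """Return the numbers of non-trunk ports that do not filter tagged frames."""
    return sorted(n for n, p in ports.items()
                  if not p["trunk"] and not p["filter_tagged"])


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vlan_id=None) -> bytes:
    """Construct a sample frame, optionally with an 802.1Q tag (priority 0)."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        hdr += struct.pack("!HHH", TPID_8021Q, vlan_id & 0x0FFF, ethertype)
    else:
        hdr += struct.pack("!H", ethertype)
    return hdr + payload


# Constructed port table: 3 = correctly configured access port, 5 = access
# port with the filter left off, 24 = trunk carrying VLANs 10 and 20.
PORTS = {
    3:  {"trunk": False, "pvid": 10, "allowed_vlans": {10},     "filter_tagged": True},
    5:  {"trunk": False, "pvid": 10, "allowed_vlans": {10},     "filter_tagged": False},
    24: {"trunk": True,  "pvid": 1,  "allowed_vlans": {10, 20}, "filter_tagged": False},
}

# Constructed sample frames (IPv4 ethertype 0x0800, dummy payload).
_DST, _SRC, _PAYLOAD = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", b"\x45\x00" * 8
SAMPLE_FRAMES = {
    "untagged": build_frame(_DST, _SRC, 0x0800, _PAYLOAD),
    "tagged20": build_frame(_DST, _SRC, 0x0800, _PAYLOAD, vlan_id=20),
    "tagged30": build_frame(_DST, _SRC, 0x0800, _PAYLOAD, vlan_id=30),
}

if __name__ == "__main__":
    for port_no in sorted(PORTS):
        for name, frame in SAMPLE_FRAMES.items():
            print(f"port {port_no:2d} {name:9s} -> {ingress_decision(PORTS[port_no], frame)}")
    print("non-trunk ports without tag filtering:", audit_port_config(PORTS))
```

Running the block prints the decision matrix: port 3 drops both tagged frames, port 24 forwards the VLAN 20 frame and drops VLAN 30, and port 5 forwards a tagged frame onto VLAN 20 even though its native VLAN is 10, which the audit reports as the misconfiguration to fix.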