
SNMP-Based Detection of VLAN Hopping Attack Risk

  • Kwangjun Kim
  • Manhee Lee
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 514)

Abstract

A virtual local area network (VLAN) is commonly used to divide a large network into several smaller network segments. Many organizations also adopt VLANs to partition a LAN so that communication between different VLANs is prevented, for security and management purposes. It is known that inserting an additional VLAN tag into Ethernet frames, referred to as a VLAN hopping attack, can bypass VLAN-based network separation. There are two preconditions for the attack. The first is that the attacker needs to know the destination’s VLAN identification number; the second is that the attacking system needs to be connected to a switch’s trunk port, i.e. a port used for connecting to another switch. In this study, we propose an SNMP (Simple Network Management Protocol)-based detection method that effectively finds a port and a MAC address meeting the second condition before a VLAN hopping attack begins. Since SNMP is implemented by most network components, our method can be easily deployed in current VLAN networks.
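The second precondition is the one a network operator can check from the management plane: a trunk port should only see the MAC addresses of neighbouring switches, so any dynamically learned end-host MAC on a trunking interface is a candidate for the risk the abstract describes. The following is an added example, not the paper's code, of how such a check can be built from two SNMP tables. It assumes the standard object identifiers of CISCO-VTP-MIB (`vlanTrunkPortDynamicStatus`, where 1 means trunking) and BRIDGE-MIB (`dot1dBasePortIfIndex`, `dot1dTpFdbPort`, `dot1dTpFdbStatus`, where 3 means learned); the walk data is a constructed snapshot in `snmpwalk -On` style rather than output from a real device, and the inventory of known switch MAC addresses (`known_switch_macs`) is a hypothetical list the operator would maintain or derive from neighbour discovery.

```python
"""Flag MAC addresses learned on trunk ports, using SNMP table snapshots.

Added example (not the paper's implementation). OID prefixes are taken from the
standard MIB definitions; the walk text and MAC inventory are constructed.
"""
from typing import Dict, Iterable, List, Set, Tuple

# Assumed OID prefixes; each row is addressed by the suffix noted in the comment.
TRUNK_STATUS = "1.3.6.1.4.1.9.9.46.1.6.1.1.14"  # CISCO-VTP-MIB vlanTrunkPortDynamicStatus.<ifIndex>
BASEPORT_IFINDEX = "1.3.6.1.2.1.17.1.4.1.2"      # BRIDGE-MIB dot1dBasePortIfIndex.<bridgePort>
FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"              # BRIDGE-MIB dot1dTpFdbPort.<six MAC octets>
FDB_STATUS = "1.3.6.1.2.1.17.4.3.1.3"            # BRIDGE-MIB dot1dTpFdbStatus.<six MAC octets>
TRUNKING = 1   # vlanTrunkPortDynamicStatus: trunking(1), notTrunking(2)
LEARNED = 3    # dot1dTpFdbStatus: learned(3); self(4) marks the switch's own addresses

# Constructed snapshot in `snmpwalk -On` style; not captured from a real switch.
SAMPLE_WALK = """
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10001 = INTEGER: 1
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10002 = INTEGER: 2
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10003 = INTEGER: 1
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 10001
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 10002
.1.3.6.1.2.1.17.1.4.1.2.3 = INTEGER: 10003
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.3.0.17.34.51.68.85 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.170.187.204.221.238.1 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.3.170.187.204.221.238.1 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.27.44.61.78.95 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.3.0.27.44.61.78.95 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.222.173.190.239.0.1 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.3.222.173.190.239.0.1 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.0.12.7.172.1 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.3.0.0.12.7.172.1 = INTEGER: 4
"""

# Hypothetical operator inventory: MAC of the neighbouring switch on the uplink.
KNOWN_SWITCH_MACS = {"00:1b:2c:3d:4e:5f"}


def parse_walk(text: str) -> Dict[str, str]:
    """Turn 'OID = TYPE: value' lines into {oid (no leading dot): value}."""
    walk: Dict[str, str] = {}
    for line in text.strip().splitlines():
        oid, _, rhs = line.partition(" = ")
        value = rhs.split(": ", 1)[1] if ": " in rhs else rhs
        walk[oid.strip().lstrip(".")] = value.strip()
    return walk


def rows(walk: Dict[str, str], prefix: str) -> Iterable[Tuple[str, str]]:
    """Yield (index suffix, value) for every instance under a column OID."""
    for oid, value in walk.items():
        if oid.startswith(prefix + "."):
            yield oid[len(prefix) + 1:], value


def mac_from_index(suffix: str) -> str:
    """dot1dTpFdbTable is indexed by the six MAC octets in decimal."""
    return ":".join(f"{int(octet):02x}" for octet in suffix.split("."))


def trunk_ifindexes(walk: Dict[str, str]) -> Set[int]:
    return {int(ifx) for ifx, v in rows(walk, TRUNK_STATUS) if int(v) == TRUNKING}


def baseport_to_ifindex(walk: Dict[str, str]) -> Dict[int, int]:
    return {int(bp): int(v) for bp, v in rows(walk, BASEPORT_IFINDEX)}


def learned_macs(walk: Dict[str, str]) -> List[Tuple[str, int]]:
    """(mac, bridgePort) for dynamically learned entries only; self/static rows are skipped."""
    status = {idx: int(v) for idx, v in rows(walk, FDB_STATUS)}
    return [(mac_from_index(idx), int(port))
            for idx, port in rows(walk, FDB_PORT) if status.get(idx) == LEARNED]


def hosts_on_trunk_ports(walk: Dict[str, str], known_switch_macs: Set[str]) -> List[Tuple[str, int]]:
    """Return (mac, ifIndex) pairs for non-switch MACs learned on trunking interfaces."""
    trunks = trunk_ifindexes(walk)
    bp2if = baseport_to_ifindex(walk)
    findings = []
    for mac, bridge_port in learned_macs(walk):
        ifindex = bp2if.get(bridge_port)
        if ifindex in trunks and mac.lower() not in known_switch_macs:
            findings.append((mac, ifindex))
    return sorted(findings)


if __name__ == "__main__":
    for mac, ifindex in hosts_on_trunk_ports(parse_walk(SAMPLE_WALK), KNOWN_SWITCH_MACS):
        print(f"end-host MAC {mac} learned on trunk ifIndex {ifindex}: VLAN hopping precondition met")
```

Against the constructed snapshot, ifIndex 10001 and 10003 are trunking; the host on 10001 and the unknown address on 10003 are reported, while the known neighbour switch on 10003, the host on the access port 10002, and the switch's own `self` entry are not. In a deployment the walk would be collected periodically over SNMP and the findings compared against the inventory of expected inter-switch links, which is the precondition check the paper's method targets.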

Keywords

Virtual LAN; VLAN hopping attack; SNMP


Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Computer Engineering, Hannam University, Daeduck-gu, Daejeon, Korea
