When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?

A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.

B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.

C. The attacking station generates frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.

D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information to capture the data.
Explanation:
DTP should be disabled for all user ports on a switch. If a port is left with DTP in auto mode (the default on many switches), an attacker who connects to it can negotiate the port into trunking mode, and the port will then carry traffic for every VLAN allowed on the trunk.
Reference:
http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd800ebd1e.pdf