When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker
able to gather information?
A.
The attacking station uses DTP to negotiate trunking with a switch port and captures all
traffic that is allowed on the trunk.
B.
The attacking station tags itself with all usable VLANs to capture data that is passed
through the switch, regardless of the VLAN to which the data belongs.
C.
The attacking station generates frames with two 802.1Q headers to cause the switch to
forward the frames to a VLAN that would be inaccessible to the attacker through legitimate
means.
D.
The attacking station uses VTP to collect VLAN information that is sent out and then tags
itself with the domain information to capture the data.
Explanation:
DTP should be disabled for all user ports on a switch. If the port is left with DTP auto
configured (default on many switches), an attacker can connect and arbitrarily cause the port
to start trunking and therefore pass all VLAN information.
Reference:
http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd800ebd1e.pdf