When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?

A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.

B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.

C. The attacking station will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.

D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.

Explanation:

DTP should be disabled on all user ports of a switch. If a port is left with DTP auto-configured (the default on many switches), an attacker can connect, cause the port to start trunking, and from then on receive the traffic of every VLAN allowed on that trunk.

Reference:
http://www.cisco.com/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd800ebd1e.pdf
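
A defensive check for the misconfiguration the explanation describes, as an added example that is not part of the original page: it parses IOS-style interface stanzas and flags ports that could still be negotiated into a trunk. The sample configuration and the function names are constructed for illustration, and treating a missing `switchport mode` line as exposed is an assumption based on the dynamic default the explanation mentions.

```python
import re

# Constructed sample config for this example (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet0/24
 switchport mode trunk
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    return {m.group(1): [l.strip() for l in m.group(2).splitlines()]
            for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M)}

def classify(lines):
    """Say whether DTP negotiation could turn this port into a trunk."""
    if "no switchport" in lines:
        return "routed"
    mode = next((" ".join(l.split()[2:]) for l in lines
                 if l.startswith("switchport mode ")), None)
    if mode is None:  # assumption: the platform default may be dynamic auto
        return "exposed: no explicit mode"
    if mode.startswith("dynamic"):
        return "exposed: " + mode
    nonegotiate = "switchport nonegotiate" in lines
    return f"static {mode}" + (", nonegotiate" if nonegotiate else "")

def audit(config):
    """Classify every interface except SVIs and loopbacks."""
    return {name: classify(lines)
            for name, lines in parse_interfaces(config).items()
            if not name.startswith(("Vlan", "Loopback"))}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_CONFIG).items():
        print(f"{name:22} {verdict}")
```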




MarteFajardo

What happened? Because you showed the answer to the question, and now it’s not possible to display it.

admin

There is a “Show Answer” link under the title of the question. Please click it to view the correct answer(s).

Yerlan

The right answer is C.

The attacking station uses double tagging to get access to a VLAN that would be inaccessible through legitimate means.

VLAN hopping can’t capture all traffic on the trunk.

Thanks.

Yerlan

Sorry, my bad. I re-read the topic and it looks like the answer here is right – it should be A. For C to be right – there should be some more requirements met – two switches connected by a trunk and the native VLAN # in the first 802.1Q header.

And VLAN hopping CAN capture all traffic on the trunk, so option A is the right one.

Thanks,