Re: Switching Advice

From: dan hopkins (hop@nexthop.net)
Date: Wed Dec 26 2001 - 09:27:27 EST


The SANS document does only apply to 802.1q trunks between 2924XL switches.
The methodology they used is dependent on the way that 802.1q trunks tag
the frames. This can be spoofed in some situations.

I am unaware of any tests that test this with ISL Trunking or any tests of
VLAN hopping in a single switch.

Searching on this topic brought me to a good doc on switching security:
http://www.sans.org/infosecFAQ/switchednet/switch_security.htm

on 2001-12-26 09:02 -0500, Brian DeFeyter <bdf@gospelcom.net> wrote:

> This sounds like it's only a concern on multiple switch setups using
> trunks for VLAN communication? In my example, everything is routed
> through one switch... probably bypassing this problem.
>
> - bdf
>


