VLAN Attack (12)

ARP attack

ARP (Address Resolution Protocol) was designed for a friendly environment. ARP works by associating a Layer 3 IP address with a Layer 2 MAC address. ARP offers very little in the way of security: a malicious user can use a forged Layer 3 IP address and Layer 2 MAC address, and there is no way in ARP to verify those forged details. The malicious user presents himself as a legitimate user and starts to use the resources available on the network. It is even possible to transmit ARP packets to a device in a different VLAN using those forged details.
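The usual defence against this is to check each ARP reply against a known binding before trusting it, the way Dynamic ARP Inspection does on a switch. The following is an added example, not code from the original page, that runs such a check over a constructed list of ARP replies; the addresses, the `detect_arp_conflicts` function and its alert names are all made up for illustration.

```python
# Added example (not from the original page): a minimal ARP-spoofing detector
# in the style of Dynamic ARP Inspection, run over constructed ARP replies.
from collections import defaultdict

# Constructed sample: (sender_ip, sender_mac) pairs taken from ARP replies, in
# arrival order. 192.0.2.0/24 is a documentation range; the MACs are made up.
SAMPLE_ARP_REPLIES = [
    ("192.0.2.1",  "00:00:5e:00:53:01"),  # gateway announces itself
    ("192.0.2.10", "00:00:5e:00:53:10"),  # ordinary host
    ("192.0.2.1",  "00:00:5e:00:53:01"),  # gateway again, consistent
    ("192.0.2.1",  "00:00:5e:00:53:99"),  # gateway IP now claimed by another MAC
    ("192.0.2.20", "00:00:5e:00:53:99"),  # the same MAC also claims a second IP
]


def detect_arp_conflicts(replies, trusted=None, max_ips_per_mac=1):
    """Return a list of alert tuples for suspicious ARP replies.

    trusted: optional dict of ip -> mac static bindings (the kind of entries a
    DHCP-snooping/DAI binding table would hold). A reply contradicting a trusted
    binding is reported as ("static_violation", ip, expected_mac, seen_mac).

    Without a trusted entry, the first binding seen for an IP is remembered and
    a later change is reported as ("ip_mac_changed", ip, old_mac, new_mac).
    One MAC answering for more than max_ips_per_mac addresses is reported as
    ("mac_claims_many", mac, sorted_ips).
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    learned = {}                      # ip -> first MAC seen for it
    ips_by_mac = defaultdict(set)     # mac -> set of IPs it has claimed
    alerts = []

    for ip, mac in replies:
        mac = mac.lower()
        if ip in trusted and trusted[ip] != mac:
            alerts.append(("static_violation", ip, trusted[ip], mac))
        elif ip not in trusted:
            old = learned.setdefault(ip, mac)   # never overwrite the first binding
            if old != mac:
                alerts.append(("ip_mac_changed", ip, old, mac))

        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > max_ips_per_mac:
            alerts.append(("mac_claims_many", mac, sorted(ips_by_mac[mac])))

    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

On the sample data the fourth reply trips the binding-change check and the fifth trips the one-MAC-many-IPs check. Raise `max_ips_per_mac` for hosts that legitimately hold several addresses (a router, a server with virtual IPs), and populate `trusted` from an authoritative source rather than from what the network itself announces.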

MAC Flooding Attack

MAC flooding is one of the common attacks on a VLAN. In a MAC flooding attack, the switch is flooded with frames carrying many different source MAC addresses, consuming the memory of the switch's MAC address table. Once that table is full, the switch starts to behave like a "hub", sending traffic out of all its ports. A malicious user can then use a packet sniffer to extract sensitive data.
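The standard countermeasure is port security: cap how many source MACs a port may learn and either drop the excess or disable the port. The following is an added example, not code from the original page, that models that behaviour over a constructed frame list; the port names, addresses and the `port_security` function are assumptions made for illustration.

```python
# Added example (not from the original page): a port-security style model of
# what a switch does when one port starts learning far too many source MACs.

# Constructed sample frames as (ingress_port, source_mac). Gi1/0/1 carries two
# ordinary hosts; Gi1/0/2 receives a burst of random source addresses, which is
# what a MAC-flooding tool produces.
SAMPLE_FRAMES = [
    ("Gi1/0/1", "02:00:00:00:00:01"),
    ("Gi1/0/1", "02:00:00:00:00:02"),
    ("Gi1/0/2", "02:aa:00:00:00:01"),
    ("Gi1/0/2", "02:aa:00:00:00:02"),
    ("Gi1/0/2", "02:aa:00:00:00:03"),
    ("Gi1/0/2", "02:aa:00:00:00:04"),
    ("Gi1/0/2", "02:aa:00:00:00:05"),
    ("Gi1/0/1", "02:00:00:00:00:01"),  # known host keeps working
    ("Gi1/0/2", "02:aa:00:00:00:06"),
    ("Gi1/0/2", "02:aa:00:00:00:01"),  # an address the port had already learned
]


def port_security(frames, max_macs=3, mode="restrict"):
    """Learn source MACs per port, capped at max_macs.

    mode "restrict": frames from addresses beyond the cap are dropped and counted.
    mode "shutdown": the first violation err-disables the port; every later
    frame on that port is dropped, including frames from already-learned hosts.
    Returns (learned, violations, disabled_ports, forwarded_count).
    """
    learned = {}          # port -> list of learned MACs, in learning order
    violations = []       # (port, mac) for each dropped frame
    disabled = set()
    forwarded = 0

    for port, mac in frames:
        if port in disabled:
            violations.append((port, mac))
            continue
        table = learned.setdefault(port, [])
        if mac in table:
            forwarded += 1          # known address: normal forwarding
            continue
        if len(table) < max_macs:
            table.append(mac)       # room left: learn it
            forwarded += 1
            continue
        violations.append((port, mac))   # cap reached: security violation
        if mode == "shutdown":
            disabled.add(port)

    return learned, violations, disabled, forwarded


if __name__ == "__main__":
    for mode in ("restrict", "shutdown"):
        learned, violations, disabled, forwarded = port_security(SAMPLE_FRAMES, mode=mode)
        print(mode, "forwarded:", forwarded, "violations:", len(violations), "disabled:", sorted(disabled))
```

With the cap at three, the flooding port learns only its first three addresses and the table never fills, so the switch keeps forwarding by destination instead of falling back to hub behaviour. The two modes differ in the last frame: `restrict` still forwards a previously learned host, `shutdown` has already disabled the port, which is the noisier but safer choice for a user-facing port.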

DHCP Attack

DHCP (Dynamic Host Configuration Protocol) enables a server to automatically assign an IP address to a host along with other information such as the subnet mask and default gateway. There are two types of DHCP attack on a VLAN: the DHCP starvation attack and the DHCP rogue attack. In a DHCP starvation attack, a malicious user sends numerous DHCP requests with spoofed MAC addresses. This exhausts the DHCP server's address pool, causing a denial of service that prevents legitimate users from using the network. It can be mitigated by limiting the number of MAC addresses allowed. In a DHCP rogue attack, a malicious user acts as if he were a DHCP server and hands a legitimate user a wrong gateway, wrong DNS server and wrong IP address. The user will experience problems ranging from connection failures to communication problems with other hosts. This can be avoided by using a multilayer switch that is capable of dropping such packets.
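Both attacks are what DHCP snooping on a switch addresses: server messages are only accepted from trusted ports, client messages whose hardware address does not match the frame's source are dropped, and DHCP traffic per port is rate-limited. The following is an added example, not code from the original page, that applies those three rules to a constructed message list; the port names, addresses, the trusted-port set and the `dhcp_snoop` function are assumptions made for illustration, and the rate limit here counts messages in the batch rather than per second as a real switch would.

```python
# Added example (not from the original page): DHCP-snooping style filtering
# applied to constructed DHCP messages, covering starvation and rogue servers.

TRUSTED_PORTS = {"Gi1/0/24"}          # uplink towards the real DHCP server
SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}

# Constructed sample: each message is (port, type, frame_src_mac, chaddr).
SAMPLE_DHCP = [
    ("Gi1/0/1",  "DISCOVER", "02:00:00:00:00:01", "02:00:00:00:00:01"),  # normal client
    ("Gi1/0/24", "OFFER",    "02:00:00:00:00:fe", "02:00:00:00:00:01"),  # real server, trusted port
    ("Gi1/0/2",  "OFFER",    "02:00:00:00:00:02", "02:00:00:00:00:01"),  # rogue server on a client port
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:03", "02:00:00:00:00:aa"),  # chaddr differs from frame source
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:10", "02:00:00:00:00:10"),  # starvation burst: spoofed MACs,
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:11", "02:00:00:00:00:11"),  # each consistent with its chaddr
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:12", "02:00:00:00:00:12"),
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:13", "02:00:00:00:00:13"),
    ("Gi1/0/3",  "DISCOVER", "02:00:00:00:00:14", "02:00:00:00:00:14"),
]


def dhcp_snoop(messages, trusted_ports=TRUSTED_PORTS, rate_limit=3):
    """Decide, per message, whether a snooping switch forwards or drops it.

    Trusted ports pass everything. On untrusted ports: more than rate_limit
    DHCP messages from one port are dropped (starvation by volume), server
    messages are dropped (rogue DHCP server), and client messages whose chaddr
    differs from the frame's source MAC are dropped (spoofed starvation).
    Returns (forwarded, dropped); dropped holds (port, type, reason).
    """
    counts = {}                       # untrusted port -> DHCP messages seen
    forwarded, dropped = [], []
    for port, mtype, src_mac, chaddr in messages:
        if port in trusted_ports:
            forwarded.append((port, mtype))
            continue
        counts[port] = counts.get(port, 0) + 1
        if counts[port] > rate_limit:
            dropped.append((port, mtype, "rate_limit"))
        elif mtype in SERVER_MESSAGES:
            dropped.append((port, mtype, "server_message_on_untrusted_port"))
        elif src_mac.lower() != chaddr.lower():
            dropped.append((port, mtype, "chaddr_mismatch"))
        else:
            forwarded.append((port, mtype))
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drp = dhcp_snoop(SAMPLE_DHCP)
    print("forwarded:", fwd)
    print("dropped:", drp)
```

The rogue OFFER on Gi1/0/2 never reaches a client, the DISCOVER with a mismatched chaddr is dropped, and the burst on Gi1/0/3 is cut off after the third message, so the server's pool is not drained.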

Spanning-Tree Protocol Attack

A Spanning-Tree Protocol attack occurs when a malicious user sends an STP message with a priority value of zero, thereby making his device the new root bridge and compromising the entire network. It can be avoided by disabling the spanning-tree function on all user-facing interfaces. It can also be prevented by enabling root guard on Cisco equipment, or BPDU guard on user ports, so that the priority-zero claim is rejected and the malicious user cannot take over the root bridge role.
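The two guards react differently: BPDU guard disables a port the moment any BPDU arrives on it, while root guard keeps a port up but blocks it if the BPDU claims a root better than the current one. The following is an added example, not code from the original page, that applies those rules to a constructed set of BPDUs; the port table, bridge IDs and the `handle_bpdu` function are assumptions made for illustration.

```python
# Added example (not from the original page): how BPDU guard and root guard
# decide what to do with a received BPDU, run over constructed BPDUs.

# Bridge IDs compare as (priority, MAC); the lowest value wins the root election.
CURRENT_ROOT = (32768, "00:00:5e:00:53:aa")

# Constructed port table: which guard is enabled where.
PORTS = {
    "Gi1/0/1": {"role": "access", "bpduguard": True,  "rootguard": False},  # user port
    "Gi1/0/2": {"role": "trunk",  "bpduguard": False, "rootguard": True},   # downstream trunk
    "Gi1/0/3": {"role": "trunk",  "bpduguard": False, "rootguard": False},  # uplink to the real root
}

# Constructed BPDUs as (port, root_priority, root_mac).
SAMPLE_BPDUS = [
    ("Gi1/0/3", 32768, "00:00:5e:00:53:aa"),  # the real root, as expected
    ("Gi1/0/2", 61440, "00:00:5e:00:53:bb"),  # inferior BPDU from a downstream switch
    ("Gi1/0/2", 0,     "00:00:5e:00:53:ee"),  # priority zero: claims to be a better root
    ("Gi1/0/1", 0,     "00:00:5e:00:53:ee"),  # any BPDU at all on a user port
]


def handle_bpdu(port, root_id, ports=PORTS, current_root=CURRENT_ROOT):
    """Return the action a guarded switch takes for one BPDU on one port."""
    cfg = ports[port]
    if cfg["bpduguard"]:
        return "err-disable"               # BPDU guard: no BPDUs are expected here
    if cfg["rootguard"] and root_id < current_root:
        return "root-inconsistent"         # root guard: superior root claim is blocked
    if root_id < current_root:
        return "new-root"                  # unguarded port: the topology would change
    return "accept"


def process_bpdus(bpdus):
    """Run every constructed BPDU through the guard logic."""
    return [(port, handle_bpdu(port, (prio, mac))) for port, prio, mac in bpdus]


if __name__ == "__main__":
    for port, action in process_bpdus(SAMPLE_BPDUS):
        print(port, "->", action)
```

Only the unguarded uplink would ever accept a priority-zero claim, which is why root guard belongs on every port that should never face the root and BPDU guard on every port where a switch should never appear.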

Multicast Brute Force Attack

The multicast brute force attack occurs when a switch receives a large number of multicast frames in rapid succession. This causes the frames to leak into other VLANs instead of being contained in the original VLAN. It can also produce a scenario similar to a denial of service.

The multicast brute force attack can be stopped by a well-designed switch that prevents the frames from leaking into other VLANs and keeps them contained in the original VLAN.

Private VLAN Attack

A Private VLAN is a Layer 2 feature used to isolate traffic at Layer 2 only. When a Layer 3 device such as a router is connected to a Private VLAN, it is expected to forward all the traffic it receives to whatever destination it is meant for. A malicious user can sometimes turn this to his advantage.

VMPS/VQP Attack

This kind of attack normally happens on dynamic VLAN access ports, where a VMPS (VLAN Membership Policy Server) assigns VLANs using the VQP protocol. The weakness of VMPS is that it performs no authentication when assigning VLANs based on MAC address, and it runs over UDP, which makes it even more vulnerable to attack.

Normally a DoS attack is carried out in order to join the unauthenticated VLAN.

VLAN Hopping Attack

VLAN hopping works by sending packets to a port that should not be accessible. There are basically two types of VLAN hopping attack:

Switch Spoofing
Double Tagging

Switch spoofing

Switch spoofing happens when a malicious user configures a system to pose as a switch by speaking 802.1Q or ISL. The malicious user is able to spoof the switch with the help of Dynamic Trunking Protocol (DTP) signaling.

Double tagging

Double tagging is a method that involves tagging transmitted frames with two 802.1Q headers: one header is consumed by the attacker's switch and the other is acted on by the victim's switch.
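What makes the second tag dangerous is that the first switch strips the outer tag and then sends the frame untagged over the trunk because it belongs to the trunk's native VLAN, so the next switch sees only the inner tag. The following is an added example, not code from the original page, that builds such a frame and models two switch configurations: a weak one (access port accepts a tag matching its VLAN, native VLAN 1 sent untagged) and a hardened one (tagged frames dropped on access ports, native VLAN moved to an unused number and tagged). The frame layout follows 802.1Q; the port dictionaries and the `double_tag_path` model are assumptions made for illustration.

```python
# Added example (not from the original page): build a double-tagged 802.1Q
# frame, then model how two switch configurations treat it.
import struct

TPID_8021Q = 0x8100


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(dst, src, vlan_ids, ethertype=0x0800, payload=b"\x45\x00"):
    """Ethernet frame with zero or more stacked 802.1Q tags (outermost first)."""
    frame = mac_bytes(dst) + mac_bytes(src)
    for vid in vlan_ids:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)   # PCP/DEI bits left at 0
    return frame + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Return the VLAN IDs found after the MAC addresses, outermost first."""
    vids, offset = [], 12
    while struct.unpack_from("!H", frame, offset)[0] == TPID_8021Q:
        vids.append(struct.unpack_from("!H", frame, offset + 2)[0] & 0x0FFF)
        offset += 4
    return vids


def strip_outer_tag(frame):
    return frame[:12] + frame[16:]


def add_outer_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def access_ingress(frame, port):
    """Classify a frame arriving on an access port: (vlan, frame) or (None, reason)."""
    vids = parse_tags(frame)
    if not vids:
        return port["vlan"], frame
    if port["drop_tagged"]:
        return None, "tagged frame dropped on access port"
    if vids[0] == port["vlan"]:
        return port["vlan"], strip_outer_tag(frame)   # tag equals port VLAN: accepted
    return None, "tag does not match access VLAN"


def trunk_egress(vlan, frame, trunk):
    """Send on a trunk: the native VLAN goes untagged unless native tagging is on."""
    if vlan == trunk["native_vlan"] and not trunk["tag_native"]:
        return frame
    return add_outer_tag(frame, vlan)


def trunk_ingress(frame, trunk):
    vids = parse_tags(frame)
    if not vids:
        return trunk["native_vlan"], frame
    return vids[0], strip_outer_tag(frame)


def double_tag_path(frame, access_port, trunk):
    """Frame from a host on access_port, across trunk to the next switch.
    Returns the VLAN the second switch assigns, or None if dropped on ingress."""
    vlan, out = access_ingress(frame, access_port)
    if vlan is None:
        return None
    on_wire = trunk_egress(vlan, out, trunk)
    vlan2, _ = trunk_ingress(on_wire, trunk)
    return vlan2


# Constructed: a host in VLAN 1 sends a frame tagged 1 (outer) then 20 (inner).
DOUBLE_TAGGED = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", [1, 20])

# Weak: access port accepts a tag equal to its own VLAN; trunk native VLAN 1 goes untagged.
WEAK_ACCESS = {"vlan": 1, "drop_tagged": False}
WEAK_TRUNK = {"native_vlan": 1, "tag_native": False}

# Hardened: tagged frames dropped on access ports; native VLAN unused and tagged anyway.
HARD_ACCESS = {"vlan": 1, "drop_tagged": True}
HARD_TRUNK = {"native_vlan": 999, "tag_native": True}

if __name__ == "__main__":
    print("tags on the wire:", parse_tags(DOUBLE_TAGGED))
    print("weak config delivers to VLAN:", double_tag_path(DOUBLE_TAGGED, WEAK_ACCESS, WEAK_TRUNK))
    print("hardened config delivers to VLAN:", double_tag_path(DOUBLE_TAGGED, HARD_ACCESS, HARD_TRUNK))
```

In the weak configuration the frame ends up in VLAN 20 even though the sender sits in VLAN 1; either hardening alone closes the path, since an unused, tagged native VLAN means the inner tag is never the first one the next switch sees.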

The simplest way to prevent a VLAN hopping attack is to disable Dynamic Trunking Protocol (DTP) on all untrusted ports.

Double-Encapsulated 802.1Q

IEEE 802.1Q helps to create smaller networks out of a large network. A large network is slow and consumes a lot of bandwidth, whereas a smaller network is easier to manage and consumes less bandwidth, so smaller networks are preferable to one large, complex network. IEEE 802.1Q was developed as part of the IEEE 802 family of standards.

Random Frame Stress Attack

Random frame stress attacks come in many forms, but they are generally brute-force attacks performed on several fields of a frame. In this type of brute-force attack the source and destination addresses are kept constant while the other fields are varied. They are primarily performed to test the switch's ability to cope with abnormal inputs and calculations.

Random frame stress attacks can be prevented by using a Private VLAN (PVLAN) to keep the host from receiving those unwanted inputs.