On 11/01/11 12:24, Jonathan Tripathy wrote:
> For seeing what I mean about VLAN hopping: http://en.wikipedia.org/wiki/VLAN_hopping
Ahh. That's interesting, but not nearly so interesting (or useful) as the Cisco document that it cites: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39054
Basically the hopping only works if the trunk has the same native VLAN as the attacker. This, the Cisco article goes on to say, is considered to be a misconfiguration. You can read it yourself, but there are two ways of avoiding this.
It's still not clear to me how you would get a reply from the attack -- you'd need something on the receiving end that can also do the double tagging (which is not 802.1ad, it's a second 802.1a tag, to be clear).
jch

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
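The misconfiguration the reply describes, and the two ways of closing it, as an added Cisco IOS configuration example (not part of the message above, nor taken from the Cisco white paper). The interface names, VLAN numbers and the "unused" VLAN 999 are constructed for illustration; the commands themselves are standard IOS switchport commands.

```cisco
! --- Weak configuration ---
! The trunk keeps the default native VLAN 1, and VLAN 1 is also handed to an
! access port. Untagged frames from that port therefore travel the trunk on the
! native VLAN, which is exactly the condition the reply says double tagging needs.
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 1
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 1

! --- Hardened configuration ---
! 1) Give the trunk a dedicated native VLAN that no access port ever uses, so an
!    access port and the trunk's native VLAN can never coincide.
! 2) Tag frames on the native VLAN as well, so nothing on the trunk is untagged.
! 3) Keep user ports in access mode and stop them negotiating a trunk (DTP).
vlan 999
 name NATIVE-UNUSED
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
!
vlan dot1q tag native
```

Either of the first two measures on its own removes the native-VLAN overlap; applying both plus the access-port lockdown is the belt-and-braces version. Some older Catalyst platforms also need `switchport trunk encapsulation dot1q` on the trunk interface before `switchport mode trunk` is accepted, and not every platform supports the global `vlan dot1q tag native`, in which case the dedicated native VLAN is the measure that applies.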