Definition

VLAN hopping (virtual local area network hopping)

VLAN hopping (virtual local area network hopping) is a method of attacking a network by sending packets to a port that is not normally accessible from a given end system. (A VLAN is a local area network with a definition that maps devices on some basis other than geographic location, for example by department, type of user, or primary application.)

A VLAN hopping attack can occur in either of two ways. In the first form, if a network switch is set for autotrunking, the attacker poses as a switch that appears to have a constant need to trunk (that is, to access all the VLANs allowed on the trunk port). With Cisco's Dynamic Trunking Protocol (DTP), susceptibility to this form of VLAN hopping can be minimized by turning off the autotrunking feature (DTP off) on all switches that do not need to trunk. In the second form of VLAN hopping, the hacker transmits data through one switch to another by sending frames with two 802.1Q tags, one for the attacking switch and the other for the victim switch. This fools the victim switch into thinking that the frame is intended for it. The target switch then sends the frame along to the victim port.
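
As an added example (not part of the original definition), the Python code below shows how a capture-analysis script can recognize the second form: it walks the Ethernet header of a raw frame and reports whether two 802.1Q tags are stacked. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # IEEE 802.1Q tag protocol identifier

def vlan_tags(frame: bytes) -> list:
    """Return VLAN IDs of consecutive 802.1Q tags, outermost first."""
    tags = []
    offset = 12  # skip destination MAC (6 bytes) and source MAC (6 bytes)
    while len(frame) >= offset + 4:  # a truncated tag is never read
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return tags

def classify(frame: bytes) -> str:
    """Label a frame by how many 802.1Q tags it carries."""
    tags = vlan_tags(frame)
    if len(tags) >= 2:
        return "double-tagged: outer VLAN %d, inner VLAN %d" % (tags[0], tags[1])
    if len(tags) == 1:
        return "single tag: VLAN %d" % tags[0]
    return "untagged"

def build_sample(tcis, ethertype=0x0800):
    """Constructed test frame: made-up MACs, given tags, zero payload."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    for tci in tcis:
        frame += struct.pack("!HH", TPID_8021Q, tci)
    return frame + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample frames, not captured traffic.
SAMPLES = {
    "untagged": build_sample([]),
    "single": build_sample([10]),
    "double": build_sample([1, 20]),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", classify(frame))
```

A frame classified as double-tagged on a port that connects an end system is the pattern described above and is worth logging with the ingress port and both VLAN IDs.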

VLAN hopping can be used to steal passwords and other sensitive information from specific network subscribers. VLAN hopping can also be used to modify, corrupt, or delete data, install spyware or other malware programs, and propagate viruses, worms, and Trojans throughout a network.


This was last updated in November 2005
Posted by: Margaret Rouse
