Abstract
A virtual local area network (VLAN) is commonly used to divide a large network into several smaller segments. Many organizations also use VLANs to partition a LAN so that hosts in different VLANs cannot communicate with each other, for both security and management reasons. It is known that inserting an additional VLAN tag into Ethernet frames, referred to as a VLAN hopping attack, can bypass this VLAN-based separation. The attack has two preconditions. First, the attacker must know the VLAN identification number of the destination. Second, the attacking system must be connected to a trunk port of a switch, that is, a port used to connect one switch to another. In this study, we propose an SNMP (Simple Network Management Protocol)-based detection method that effectively finds the ports and MAC addresses satisfying the second precondition before a VLAN hopping attack begins. Since SNMP is implemented by most network components, our method can be readily deployed in existing VLAN networks.
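The detection idea in the abstract, finding ports that are trunking and the MAC addresses learned on them, can be reproduced by correlating a few standard SNMP tables. The script below is an added illustration written for this page, not the authors' implementation. It takes net-snmp style walk output (the sample text is constructed) and joins four tables: ifDescr from IF-MIB, vlanTrunkPortDynamicStatus from CISCO-VTP-MIB, dot1dBasePortIfIndex and dot1dTpFdbPort from BRIDGE-MIB (RFC 4188), and ipNetToMediaPhysAddress from the ARP table. The OID prefixes are the public ones from those MIBs as I know them; treat them as assumptions to be checked against the MIB files for your devices.

```python
"""Correlate SNMP table walks to flag hosts attached to trunk ports.

Constructed example (not the paper's code). The walk text is hand-made
sample data in net-snmp numeric output style; the OID prefixes are taken
from the public MIBs and should be verified against your MIB files.
"""
import re

# OID prefixes (assumed from the public MIBs; confirm for your platform)
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"                 # IF-MIB::ifDescr.<ifIndex>
TRUNK_STATUS = "1.3.6.1.4.1.9.9.46.1.6.1.1.14"   # CISCO-VTP-MIB::vlanTrunkPortDynamicStatus.<ifIndex>
BASE_PORT_IFINDEX = "1.3.6.1.2.1.17.1.4.1.2"     # BRIDGE-MIB::dot1dBasePortIfIndex.<bridgePort>
FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"              # BRIDGE-MIB::dot1dTpFdbPort.<mac as 6 decimal octets>
ARP_PHYS = "1.3.6.1.2.1.4.22.1.2"                # ipNetToMediaPhysAddress.<ifIndex>.<ip>
TRUNKING = 1                                     # vlanTrunkPortDynamicStatus: trunking(1), notTrunking(2)

# Constructed walk output: three ports, two of them trunking, three learned
# MACs, and one ARP entry that resolves the MAC seen on GigabitEthernet0/3.
SAMPLE_WALK = """\
.1.3.6.1.2.1.2.2.1.2.1 = STRING: GigabitEthernet0/1
.1.3.6.1.2.1.2.2.1.2.2 = STRING: GigabitEthernet0/2
.1.3.6.1.2.1.2.2.1.2.3 = STRING: GigabitEthernet0/3
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.1 = INTEGER: 1
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.2 = INTEGER: 2
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.3 = INTEGER: 1
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 1
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 2
.1.3.6.1.2.1.17.1.4.1.2.3 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.102 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.119 = INTEGER: 3
.1.3.6.1.2.1.4.22.1.2.10.10.0.0.20 = STRING: 0:11:22:33:44:77
"""

LINE_RE = re.compile(r"^\.?(?P<oid>\d+(?:\.\d+)*)\s*=\s*(?P<type>[\w-]+):\s*(?P<val>.*)$")


def parse_walk(text):
    """Parse 'OID = TYPE: value' lines into {oid: value} (quotes stripped)."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[m["oid"]] = m["val"].strip().strip('"')
    return table


def column(table, prefix):
    """Return {index_suffix: value} for every row under one OID prefix."""
    head = prefix + "."
    return {oid[len(head):]: val for oid, val in table.items() if oid.startswith(head)}


def mac_from_oid_suffix(suffix):
    """dot1dTpFdbTable indexes by MAC as six decimal octets, e.g. 0.17.34.51.68.85."""
    return ":".join(f"{int(o):02x}" for o in suffix.split("."))


def normalize_mac(value):
    """Accept 'Hex-STRING: 00 11 22 ...' or 'STRING: 0:11:22:...' payloads."""
    parts = re.split(r"[\s:]+", value.strip())
    return ":".join(f"{int(p, 16):02x}" for p in parts if p)


def find_hosts_on_trunk_ports(walk_text):
    """Return MAC addresses learned on trunking ports, with an IP when ARP resolves them."""
    t = parse_walk(walk_text)
    descr = column(t, IF_DESCR)
    trunk_ifs = {idx for idx, v in column(t, TRUNK_STATUS).items() if int(v) == TRUNKING}
    bridge_to_if = column(t, BASE_PORT_IFINDEX)
    # ARP rows are indexed <ifIndex>.<ip>; the ifIndex is usually an SVI, so join by MAC only.
    ip_by_mac = {normalize_mac(v): ".".join(s.split(".")[1:]) for s, v in column(t, ARP_PHYS).items()}
    findings = []
    for suffix, bridge_port in column(t, FDB_PORT).items():
        if_idx = bridge_to_if.get(bridge_port)
        if if_idx not in trunk_ifs:
            continue  # access port: first precondition of the attack is not met here
        mac = mac_from_oid_suffix(suffix)
        findings.append({
            "ifIndex": if_idx,
            "port": descr.get(if_idx, "?"),
            "mac": mac,
            "ip": ip_by_mac.get(mac),
            # A MAC with an IP is almost certainly an end host on a trunk port (high risk);
            # an unresolved MAC may just be the neighbouring switch.
            "risk": "host-on-trunk" if mac in ip_by_mac else "unresolved",
        })
    return sorted(findings, key=lambda f: f["port"])


if __name__ == "__main__":
    for f in find_hosts_on_trunk_ports(SAMPLE_WALK):
        print(f"{f['port']:<20} {f['mac']}  ip={f['ip']}  {f['risk']}")
```

In practice the walk text comes from a read-only poll (SNMPv3 preferred) of each switch. Two caveats when running this against real Cisco switches: the BRIDGE-MIB forwarding table is kept per VLAN and is read with community-string indexing (community@vlan), so the FDB walk has to be repeated for each VLAN; and a MAC learned on a trunk port is normal when it belongs to the uplinked switch, which is why the ARP correlation is used to separate end hosts from infrastructure.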
© 2019 Springer Nature Singapore Pte Ltd.
Kim, K., Lee, M. (2019). SNMP-Based Detection of VLAN Hopping Attack Risk. In: Kim, K., Baek, N. (eds) Information Science and Applications 2018. ICISA 2018. Lecture Notes in Electrical Engineering, vol 514. Springer, Singapore. https://doi.org/10.1007/978-981-13-1056-0_28
DOI: https://doi.org/10.1007/978-981-13-1056-0_28
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-1055-3
Online ISBN: 978-981-13-1056-0