Re: 802.1q native vlan( further question on VLAN hopping

From: Hansang Bae (hbae@nyc.rr.com)
Date: Sun Oct 13 2002 - 15:11:15 GMT-3

• Next message: Hansang Bae: "Re: My turn - CCIE #10402"
• Previous message: James: "weird question about tftp and access-list"
• Maybe in reply to: Rick: "Re: 802.1q native vlan( further question on VLAN hopping"
• Next in thread: P729: "Re: 802.1q native vlan( further question on VLAN hopping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

At 01:21 PM 10/9/2002 -0400, Rick wrote:
>I wander if anyone else in the group has any knowledge on this? I need some
>hard facts to why it would not be a security issue. Do you know where those
>studies are located on the bug notices. The real concern is that a hacker
>could jump vlans to access user data on another VLAN. So the third party is
>saying there must be more than just VLAN separation, which could only be
>physical separation. I'm trying to sell them on the fact that it can't be
>done. Any thoughts on this are much appreciated.

A while ago, there were some specific setups that would result in "not-so-secure" 802.1q setup.
See http://www.sans.org/newlook/resources/IDFAQ/vlan.htm for more info pertaining to this topic.

Keep in mind when the study was done though.

hsb

• Next message: Hansang Bae: "Re: My turn - CCIE #10402"
• Previous message: James: "weird question about tftp and access-list"
• Maybe in reply to: Rick: "Re: 802.1q native vlan( further question on VLAN hopping"
• Next in thread: P729: "Re: 802.1q native vlan( further question on VLAN hopping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Nov 05 2002 - 08:35:46 GMT-3