Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?
- mixed duplex mode enabled for all ports by default
- the limited size of content-addressable memory space
- the automatic trunking port feature enabled for all ports by default
- the native VLAN of the trunking port being the same as a user VLAN
Answers Explanation & Hints:
A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage of the way that hardware on most switches operates. Most switches perform only one level of 802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q tag inside the frame. This tag allows the frame to be forwarded to a VLAN that the original 802.1Q tag did not specify. An important characteristic of the double-encapsulated VLAN hopping attack is that it works even if trunk ports are disabled, because a host typically sends a frame on a segment that is not a trunk link. This type of attack is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port.
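The explanation above can be checked against a small model of the switch behaviour it describes. The following Python is an added example written for this page, not part of the quiz or of any vendor's code: it parses the 802.1Q tag stack of an Ethernet frame, models the single level of de-encapsulation a trunk performs on the native VLAN, and reports whether a frame could cross into another VLAN under a given configuration. The model and its function names (`parse_vlan_tags`, `trunk_egress`, `assess_frame`, `constructed_frame`) are assumptions of this example, and the frames are constructed inline; the `tag_native` flag stands in for the mitigation of tagging the native VLAN on trunks, and a native VLAN that no access port uses is the other mitigation the quiz points at.

```python
import struct
from typing import Dict, List

ETHERTYPE_8021Q = 0x8100   # 802.1Q tag protocol identifier
ETHERTYPE_IPV4 = 0x0800


def parse_vlan_tags(frame: bytes) -> List[int]:
    """Return the stack of 802.1Q VLAN IDs on a frame, outermost first.

    After the 6-byte destination and 6-byte source MAC, each 802.1Q tag is
    4 bytes: a 0x8100 ethertype followed by a TCI whose low 12 bits are the VID.
    """
    offset = 12
    vids: List[int] = []
    while len(frame) >= offset + 4:
        ethertype, tci = struct.unpack_from("!HH", frame, offset)
        if ethertype != ETHERTYPE_8021Q:
            break
        vids.append(tci & 0x0FFF)
        offset += 4
    return vids


def trunk_egress(vids: List[int], native_vlan: int, tag_native: bool) -> List[int]:
    """Model (assumed, simplified) of what a trunk does to the tag stack.

    Most switches strip exactly one tag, and only when it matches the native
    VLAN and native tagging is off; everything underneath is left untouched.
    """
    if vids and vids[0] == native_vlan and not tag_native:
        return vids[1:]
    return list(vids)


def assess_frame(frame: bytes, sender_vlan: int, native_vlan: int,
                 tag_native: bool = False) -> Dict[str, object]:
    """Report whether a frame from an access port in `sender_vlan` could land
    in a VLAN other than its own after crossing a trunk with `native_vlan`.

    The hop requires the condition stated in the explanation: the sender sits
    in the native VLAN of the trunk and the outer tag carries that VLAN.
    """
    vids = parse_vlan_tags(frame)
    result: Dict[str, object] = {
        "vlan_ids": vids,
        "double_tagged": len(vids) >= 2,
        "hop_possible": False,
        "delivered_vlan": sender_vlan,
    }
    if len(vids) >= 2 and vids[0] == sender_vlan == native_vlan:
        remaining = trunk_egress(vids, native_vlan, tag_native)
        if remaining:
            # The downstream switch reads whatever tag is now outermost.
            result["delivered_vlan"] = remaining[0]
            result["hop_possible"] = remaining[0] != sender_vlan
    return result


def constructed_frame(vids: List[int], payload: bytes = b"constructed sample payload") -> bytes:
    """Build a constructed Ethernet frame carrying the given 802.1Q tag stack."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")          # locally administered, constructed
    tags = b"".join(struct.pack("!HH", ETHERTYPE_8021Q, v & 0x0FFF) for v in vids)
    return dst + src + tags + struct.pack("!H", ETHERTYPE_IPV4) + payload


if __name__ == "__main__":
    frame = constructed_frame([1, 20])
    print("weak   (native=1, user port in VLAN 1):", assess_frame(frame, 1, 1))
    print("fixed  (tag native on trunk):          ", assess_frame(frame, 1, 1, tag_native=True))
    print("fixed  (unused native VLAN 999):       ", assess_frame(frame, 1, 999))
```

Running the block prints the weak configuration, where the frame would be delivered to VLAN 20, beside the two hardened ones, where it stays in the sender's VLAN. The parser on its own is also usable as a detection check: any frame seen on an access port with two or more 802.1Q tags is worth an alert regardless of whether the hop would succeed.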