VLAN Hopping

Virtual Local Area Network (VLAN) hopping is a type of network attack in which an attacker reaches network traffic by sending packets to a port that cannot normally be accessed from a given system. In a VLAN hopping attack, both the attacker and the target are connected to the VLAN network, but the attacker is connected to a particular VLAN that is used to access a port on another VLAN. The attacker uses a sniffer to access network traffic.

Switch spoofing and double tagging are the two types of VLAN hopping attack. In switch spoofing, the attacker exploits a network switch's auto trunking and can then access the trunk ports. Cisco provides a protocol called Dynamic Trunking Protocol (DTP), which includes a feature to turn off auto trunking. In double tagging, the attacker transmits data across two switches: frames are sent from one switch to another carrying two 802.1Q tags. One tag is reserved for the attacking switch and the other tag is reserved for the victim switch. Figure 5 shows how an attacker can target a victim by using VLAN hopping. The major motive of VLAN hopping is to steal, modify or delete sensitive information, such as the password of a specific network.
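The double-tagging case described above can be spotted at a monitoring point by counting the 802.1Q tags stacked in each frame header. The following is an added example, not part of the original article; the sample frames, MAC addresses and VLAN IDs are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs of the stacked 802.1Q tags, outermost first."""
    tags = []
    offset = 12  # skip destination and source MAC addresses
    # Each tag is 4 bytes: 2-byte TPID followed by 2-byte TCI.
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid != TPID_8021Q:
            break  # reached the real EtherType, no more tags
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI hold the VLAN ID
        offset += 4
    return tags


def is_double_tagged(frame: bytes) -> bool:
    """True when a frame carries two or more 802.1Q tags."""
    return len(vlan_tags(frame)) >= 2


# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + bytes(46)
SINGLE = MACS + bytes.fromhex("8100a00a" "0800") + bytes(46)  # VLAN 10, priority 5
DOUBLE = MACS + bytes.fromhex("81000001" "81000014" "0800") + bytes(46)  # VLAN 1 then 20
TRUNCATED = MACS + bytes.fromhex("8100")  # cut off inside the first tag

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED), ("single", SINGLE),
                        ("double", DOUBLE), ("truncated", TRUNCATED)]:
        tags = vlan_tags(frame)
        verdict = "ALERT double-tagged" if is_double_tagged(frame) else "ok"
        print(f"{name:9} tags={tags} {verdict}")
```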




