Abstract

A virtual local area network (VLAN) is commonly used to divide a large network into several smaller network segments. Many also adopt VLANs to partition LANs and prevent communication between different VLANs for security and management purposes. It is known that inserting an additional VLAN tag into Ethernet frames, referred to as a VLAN hopping attack, can bypass VLAN-based network separation. The attack has two preconditions. The first is that the hacker needs to know the destination's VLAN identification number; the second is that the attacking system needs to be connected to a switch's trunk port, a port that is used for connecting a switch. In this study, we propose an SNMP (Simple Network Management Protocol)-based detection method to effectively find a port and a MAC address that meet the second condition before a VLAN hopping attack begins. Since SNMP is implemented by most network components, our method can be easily deployed to existing VLAN networks.
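
The abstract does not give the paper's procedure, so the following is an added sketch of one way such a check could work, not the authors' method: it joins SNMP trunk status with the bridge forwarding table and reports MAC addresses learned on trunking ports that are not in a known-switch inventory. The walk text and the inventory are constructed, the function names are hypothetical, and using the Cisco `vlanTrunkPortDynamicStatus` column to identify trunk ports is an assumption.

```python
import re

OID_FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"      # dot1dTpFdbPort: MAC -> bridge port
OID_BASE_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2"  # dot1dBasePortIfIndex: bridge port -> ifIndex
OID_TRUNK_STATUS = ".1.3.6.1.4.1.9.9.46.1.6.1.1.14"  # vlanTrunkPortDynamicStatus (Cisco), 1 = trunking

# Constructed sample in `snmpwalk -On` format (not captured from a real switch).
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.1.4.1.2.1 = INTEGER: 10101
.1.3.6.1.2.1.17.1.4.1.2.2 = INTEGER: 10102
.1.3.6.1.2.1.17.1.4.1.2.24 = INTEGER: 10124
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10101 = INTEGER: 2
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10102 = INTEGER: 1
.1.3.6.1.4.1.9.9.46.1.6.1.1.14.10124 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.2.0.0.170.187.204 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.0.30.20.1.2.3 = INTEGER: 24
"""
KNOWN_SWITCH_MACS = {"00:1e:14:01:02:03"}  # hypothetical inventory of neighbour switches

LINE = re.compile(r"^(\.[\d.]+) = INTEGER: (\d+)$")

def column(walk, base):
    """Return {index suffix: value} for every row under one column OID."""
    rows = {}
    for line in walk.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1).startswith(base + "."):
            rows[m.group(1)[len(base) + 1:]] = int(m.group(2))
    return rows

def macs_on_trunk_ports(walk, known_switch_macs):
    """List (ifIndex, MAC) pairs learned on trunking ports that are not known switches."""
    port_to_if = {int(k): v for k, v in column(walk, OID_BASE_IFINDEX).items()}
    trunking = {int(k) for k, v in column(walk, OID_TRUNK_STATUS).items() if v == 1}
    findings = []
    for suffix, port in column(walk, OID_FDB_PORT).items():
        octets = suffix.split(".")
        if len(octets) != 6:
            continue  # malformed MAC index; skip rather than guess
        mac = ":".join(f"{int(o):02x}" for o in octets)
        ifindex = port_to_if.get(port)  # None when the bridge port is unmapped
        if ifindex in trunking and mac not in known_switch_macs:
            findings.append((ifindex, mac))
    return sorted(findings)

if __name__ == "__main__":
    for ifindex, mac in macs_on_trunk_ports(SAMPLE_WALK, KNOWN_SWITCH_MACS):
        print(f"ifIndex {ifindex}: unexpected MAC {mac} on trunk port")
```

A finding here is a candidate for review, since a legitimate uplink switch missing from the inventory is flagged the same way as an end host on a trunk port.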
