https://blog.wenb.in/tags/%E4%BA%A4%E6%8D%A2/ Recent content in 交换 on WWayne's Blog Hugo zh-CN Tue, 20 Aug 2013 00:00:00 +0000 https://blog.wenb.in/posts/2013-08-20_vlanhoppingvlan%E8%B7%B3%E8%B7%83%E6%94%BB%E5%87%BB%E8%83%8C%E5%90%8E%E7%9A%84%E4%B8%80%E4%BA%9B%E6%9C%BA%E5%88%B6/ Tue, 20 Aug 2013 00:00:00 +0000 https://blog.wenb.in/posts/2013-08-20_vlanhoppingvlan%E8%B7%B3%E8%B7%83%E6%94%BB%E5%87%BB%E8%83%8C%E5%90%8E%E7%9A%84%E4%B8%80%E4%BA%9B%E6%9C%BA%E5%88%B6/ <p>最近在整理回顾交换方面的知识，注重安全这一块。其中VLAN Hopping吸引了我的注意。</p> <p>最开始我看的是《CCNP SWITCH（642-813）学习指南》这本书的相关章节，发现讲的非常的简单，令人难以理解，感觉是翻译出了问题。随后使用Google搜索中<!-- more -->文文档，依然没有令人满意的说明。没办法，接下来尝试查阅英文文档，收益匪浅，在此与大家分享。</p> <p>《CCNP SWITCH 642-813 Official Certification Guide》英文原版是我最先参考的文档，其中对VLAN Hooping的描述如下：</p> <p>When securing VLAN trunks, also consider the potential for anexploit called VLAN hopping. Here, an attacker positioned on one access VLANcan craft and send frames with spoofed 802.1Q tags so that the packet payloadsultimately appear on a totally different VLAN, all without the use of a router.</p> <p>For this exploit to work, the following conditions must exist in thenetwork configuration:</p>