On 17 September 2010 21:07, Jesse Gross <[email protected]> wrote:
> On Fri, Sep 17, 2010 at 10:00 AM, Ben Pfaff <[email protected]> wrote:
>> On Fri, Sep 17, 2010 at 05:53:42PM +0100, Robin Wood wrote:
>>> On 17 September 2010 17:37, Ben Pfaff <[email protected]> wrote:
>>> > On Fri, Sep 17, 2010 at 05:34:02PM +0100, Robin Wood wrote:
>>> >> * put me on a specific VLAN then see if I can get on to others, i.e.
>>> >> getting on the voice VLAN and hopping to a data one
>>> >
>>> > What kind of switch feature would help testing this?
>>>
>>> Not sure, I'll try to describe it a bit better. I do security audits
>>> for clients and some of them have VLANs set up, what I want to
>>> look at are things like what would I need to compromise to see the most
>>> traffic, or how to try to get from a guest VLAN to the one that
>>> handles card processing when doing PCI audits.
>>>
>>> For hopping, there are tools out there but I've not looked at them
>>> just because I haven't had the facilities to test them.
>>
>> A quick search for "vlan hopping tools" turned up a description of
>> "VoIP Hopper":
>> http://www.darknet.org.uk/2008/01/voip-hopper-vlan-hopping-tool/
>>
>> If OVS is vulnerable to this kind of problem (it shouldn't be) I'd like
>> to hear about it; we'll fix it.
>
> All you should need from Open vSwitch itself is the ability to put
> some different VMs on VLANs. Then you could have a target VM on one
> VLAN and an attack VM on another VLAN and try to hop between the two.
> This is quite easy to set up.

OK, I'll download the live CD and give it a go, see what I can find.

Thanks

Robin
