On Mon, 19 Sep 2005, Yersinia Authors wrote:
We haved tested this attack only against Cisco switches 29xx, so we would be pleased if we received notifications of working attacks in other Cisco modeles, or better, other vendors (which is almost impossible since DTP is Cisco proprietary, but, we've seen HP switches with CDP enabled ;) )
You will most likely be able to do this to any cisco switch that supports DTP. What you're doing is using a misconfiguration, not really a vulnerability. You're not vlan hopping, you're telling the switch that you are a switch and that the interlink should be in trunk mode, and then the other end will give you access to all vlans, if it's configured default from factory.
-- Mikael Abrahamsson email: [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
