1
00:00:00,240 --> 00:00:03,840
So here are the basic principles of the switch ports.

2
00:00:04,320 --> 00:00:09,540
The ports of a switch are in dynamic desirable mode by default.

3
00:00:10,130 --> 00:00:13,280
If the device connected to the port is a computer,

4
00:00:14,080 --> 00:00:19,570
the mode of the port becomes access and the port is dedicated to that computer.

5
00:00:21,000 --> 00:00:25,560
If the device is another switch, the mode of the port becomes a trunk.

6
00:00:26,410 --> 00:00:33,880
So by default, trunk ports have access to all VLANs and pass traffic for multiple VLANs across the

7
00:00:33,880 --> 00:00:36,700
same physical link, generally between switches.

8
00:00:40,100 --> 00:00:47,570
So switch spoofing is a type of VLAN hopping attack that works by taking advantage of an incorrectly

9
00:00:47,570 --> 00:00:49,100
configured trunk port.

10
00:00:49,700 --> 00:00:51,710
In a switch spoofing attack,

11
00:00:52,070 --> 00:00:56,540
the network attacker configures a system to spoof itself as a switch.

12
00:00:57,930 --> 00:01:05,940
So this spoofing requires that the network attacker be capable of emulating 802.1Q and DTP messages.

13
00:01:07,110 --> 00:01:11,730
By tricking a switch into thinking that another switch is attempting to form a trunk,

14
00:01:12,420 --> 00:01:17,910
an attacker can gain access to all the VLANs allowed on the trunk port.

15
00:01:18,730 --> 00:01:26,560
So the best way to prevent a basic switch spoofing attack is to turn off trunking on all ports except

16
00:01:26,560 --> 00:01:31,450
the ones that specifically require trunking. On the required trunking ports,

17
00:01:31,480 --> 00:01:37,540
disable DTP (Dynamic Trunking Protocol) and manually enable trunking.
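The mitigation described in the lecture, shown as Cisco IOS configuration. This is an added example and not material from the course: the interface names (GigabitEthernet1/0/5, 1/0/48, the 1/0/20 - 24 range) and VLAN numbers (10, 20, 30, 999) are assumed for illustration. The first block shows the weak default state in which DTP will negotiate a trunk with whatever speaks DTP; the following blocks pin each port to the role it actually has and turn negotiation off.

```cisco
! Weak state (the default on many platforms): DTP is active, so a host
! that emulates 802.1Q and DTP frames can negotiate this port into a trunk.
! Interface names and VLAN numbers in this example are assumed.
interface GigabitEthernet1/0/5
 switchport mode dynamic desirable

! Hardened host-facing port: fixed access mode, DTP frames no longer sent.
! "switchport nonegotiate" is only accepted once the mode is static
! (access or trunk), so set the mode first.
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate

! Hardened switch-to-switch uplink: trunk enabled manually, DTP disabled,
! and the allowed VLAN list pruned to what this link really carries,
! so a compromised neighbour does not get every VLAN for free.
! The encapsulation line is only needed (and only valid) on platforms
! that still support ISL as well as 802.1Q.
interface GigabitEthernet1/0/48
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 10,20,30

! Unused ports: forced to access mode in an unused VLAN and shut down,
! so there is no idle port left in dynamic mode for an attacker to plug into.
interface range GigabitEthernet1/0/20 - 24
 switchport mode access
 switchport access vlan 999
 switchport nonegotiate
 shutdown
```

To check the result, `show interfaces GigabitEthernet1/0/5 switchport` should report "Administrative Mode: static access" and "Negotiation of Trunking: Off"; the same check on the uplink should show "Administrative Mode: trunk" with negotiation off and the pruned VLAN list under "Trunking VLANs Enabled". Any port that still reports an administrative mode of dynamic auto or dynamic desirable is a port on which the attack in the lecture can still succeed.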