Overview
Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.
Description
This vulnerability exists within Ethernet encapsulation protocols that allow for stacking of Virtual Local Area Network (VLAN) headers. Network standards such as IEEE 802.1Q-1998 and IEEE 802.3 define a system of tagging Ethernet frames that help isolate networks to provide virtual networking capability. IEEE standard 802.1ad, also known as QinQ, allows for the stacking of these VLAN tags, extending the VLAN capability into multiple network segments. This widely adopted Ethernet feature is also referred to as "provider bridging" and "stacked VLANs". In order to properly isolate and protect these virtual networks, many network devices and operating systems provide an L2 network filtering capability. It is important to note that in modern computing environments , such as Cloud based virtualization and virtual networking, the L2 network capability is extended beyond the local area networks. This can lead to exposure of this vulnerabilities in unintended ways to the larger Internet.
The identified vulnerabilities allow an attacker to bypass the security controls by stacking encapsulating headers. This is done by stacking a combination of one or more VLAN 0 (priority tag) headers and 802.2 LLC/SNAP headers. An attacker can send these crafted network packets and exploit vulnerable devices by bypassing their inspection and filtering capabilities. Some examples ..
Support the originator by clicking the read the rest link below.
