A penetration tester discovers that a switch port is configured with Dynamic Trunking Protocol (DTP) set to "dynamic desirable". By emulating a switch, the tester's workstation successfully negotiates a trunk link. What is the primary attack that this misconfiguration enables?
The scenario describes a switch spoofing attack, which is a method of VLAN hopping. By exploiting a switch port that is dynamically configured to form a trunk link (using DTP), an attacker can gain access to all VLANs allowed on that trunk. This allows the attacker to "hop" between VLANs, bypassing Layer 2 segmentation. MAC flooding targets the switch's CAM table, ARP poisoning manipulates IP-to-MAC address mappings, and a deauthentication attack is specific to wireless networks.