You are conducting threat modeling to identify attack vectors. Which of the following is the least likely initiated to hijack user sessions?
A. IP address spoofing
B. ARP spoofing
C. DNS spoofing
D. VLAN hopping

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. IP address spoofing.

VLAN is a network segmentation and isolation mechanism that creates its broadcast domain. A router typically forwards communication between nodes across VLANs. Trunks are links used to connect switches and routers. In other words, getting access to trunks can capture traffic across VLANs.

• VLAN hopping is practically switch spoofing. The attacking host manipulates trunking protocols to connect to a switch with a trunk; it captures traffic and becomes a middle man that makes session hijacking easier.
• “IP address spoofing is most frequently used in denial-of-service attacks, where the objective is to flood the target with an overwhelming volume of traffic, and the attacker does not care about receiving responses to the attack packets.” (Wikipedia) Even though attackers can use it to hijack user sessions, the TCP sequence number commonly mitigates the attack.
• ARP spoofing and DNS spoofing are common techniques used to redirect or divert traffic and hijack user sessions.

Trunk

• “A VLAN trunk, or trunk, is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk extends VLANs across two or more network devices.” (Cisco)
• “Trunk ports are the links between switches that support the transmission of traffic associated with more than one VLAN.” (Cisco)

VLAN Hopping

VLAN hopping is a computer security exploit, a method of attacking networked resources on a virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging. Both attack vectors can be mitigated with proper switch port configuration. (Wikipedia)

Reference

• Session hijacking
• IP address spoofing
• ARP spoofing
• DNS spoofing
• VLAN hopping

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

您正在進行威脅建模(threat modeling)以識別攻擊向量(attack vector)。 以下哪一項是最不可能用來劫持用戶會話(session hijacking)的攻擊？
A. IP地址欺騙 (IP address spoofing)
B. ARP欺騙 (ARP spoofing)
C. DNS欺騙 (DNS spoofing)
D. VLAN跳頻 (VLAN hopping)