Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Do VLANs really provide total isolation? Are there any attacks that still work for breaking out of a VLAN? Just like there is always a way to break out of a sandbox?


It depends on how the VLAN tagging is applied.

If the rule is that everything from a 2nd SSID has the VLAN applied, that's pretty secure.

If the rule is that things with a particular MAC address have the VLAN applied, that depends on the device not spoofing another MAC address.

And if your rule is that already tagged traffic is left as-is, then a device can tag its own traffic with another VLAN.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: