I was wondering is it possible to do vlan hopping on a mikrotik device.
This is because I cant find any ingress filtering so it should be possible to double tag a packet.
Is it also possible to vlan tag your packets over wifi?
If the above is possible I’ts dangerous to use vlans on you mikrotik device because it gives wireless atackers acces to all your networks
I was wondering is it possible to do vlan hopping on a mikrotik device.
Can you tell me perhaps a little bit more over the word “hopping” please.
If you bring a VLAN from one device to another device than it would so called a trunk as I am tight informed.
This is because I cant find any ingress filtering so it should be possible to double tag a packet.
Or did you mean a VLAN inside of another VLAN?
Is it also possible to vlan tag your packets over wifi?
Yes it is, but I would not do so only if I really must because wifi compared against
a wired installation is very unstable and easily able to disturb.
If the above is possible I’ts dangerous to use vlans on you mikrotik device because it gives wireless atackers acces to all your networks
You are able to turn on the encryption, or not?
vlan hopping
http://en.wikipedia.org/wiki/VLAN_hopping
VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN (VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN hopping: switch spoofing and double tagging. Both attack vectors can be easily mitigated with proper switchport configuration.
The first concept switch spoofing does only work on cisco switches as far as i know. The double tagging or vlan in vlan or q in q (whats in a name) could be done on a mikrotik.
Normally you prevent this by enabling ingress filtering which makes it impossible because the interface only accepts packets without a vlan tag.
I cant find an option like this on the mikrotik so I was wondering if it routeros does this natively or maybe there is a setting I haven’t found to do this.
I do have encryption on my wireless I was just checking the possibilities.