[ovs-discuss] using Open vSwitch in VirtualBox for security training

Jesse Gross jesse at nicira.com
Fri Sep 17 20:07:18 UTC 2010


On Fri, Sep 17, 2010 at 10:00 AM, Ben Pfaff <blp at nicira.com> wrote:
> On Fri, Sep 17, 2010 at 05:53:42PM +0100, Robin Wood wrote:
>> On 17 September 2010 17:37, Ben Pfaff <blp at nicira.com> wrote:
>> > On Fri, Sep 17, 2010 at 05:34:02PM +0100, Robin Wood wrote:
>> >> * put me on a specific VLAN then see if I can get on to others, i.e.
>> >> getting on the voice VLAN and hopping to a data one
>> >
>> > What kind of switch feature would help testing this?
>>
>> Not sure, I'll try to describe it a bit better. I do security audits
>> for clients and some of them have VLANs set up, what I want to
>> look at are things like what would I need to compromise to see the most
>> traffic, or how to try to get from a guest VLAN to the one that
>> handles card processing when doing PCI audits.
>>
>> For hopping, there are tools out there but I've not looked at them
>> just because I haven't had the facilities to test them.
>
> A quick search for "vlan hopping tools" turned up a description of
> "VoIP Hopper":
>        http://www.darknet.org.uk/2008/01/voip-hopper-vlan-hopping-tool/
>
> If OVS is vulnerable to this kind of problem (it shouldn't be) I'd like
> to hear about it; we'll fix it.

All you should need from Open vSwitch itself is the ability to put
some different VMs on VLANs.  Then you could have a target VM on one
VLAN and an attack VM on another VLAN and try to hop between the two.
This is quite easy to set up.



