[ovs-discuss] using Open vSwitch in VirtualBox for security training
jesse at nicira.com
Fri Sep 17 20:07:18 UTC 2010
On Fri, Sep 17, 2010 at 10:00 AM, Ben Pfaff <blp at nicira.com> wrote:
> On Fri, Sep 17, 2010 at 05:53:42PM +0100, Robin Wood wrote:
>> On 17 September 2010 17:37, Ben Pfaff <blp at nicira.com> wrote:
>> > On Fri, Sep 17, 2010 at 05:34:02PM +0100, Robin Wood wrote:
>> >> * put my on a specific VLAN then see if I can get on to others, i.e.
>> >> getting on the voice VLAN and hopping to a data one
>> > What kind of switch feature would help testing this?
>> Not sure, I'll try to describe it a bit better. I do security audits
>> for clients and some of them have have VLANs setup, what I want to
>> look are things like what would I need to compromise to see the most
>> traffic, or how to try to get from a guest VLAN to the one that
>> handles card processing when doing PCI audits.
>> For hopping, there are tools out there but I've not looked at them
>> just because I haven't had the facilities to test them.
> A quick search for "vlan hopping tools" turned up a description of
> "VoIP Hopper":
> If OVS is vulnerable to this kind of problem (it shouldn't be) I'd like
> to hear about it; we'll fix it.
All you should need from Open vSwitch itself is the ability to put
some different VMs on VLANs. Then you could have a target VM on one
VLAN and and attack VM on another VLAN and try to hop between the two.
This is quite easy to setup.
More information about the discuss