[ovs-discuss] using Open vSwitch in VirtualBox for security training

Robin Wood robin at digininja.org
Sat Sep 18 16:21:00 UTC 2010


On 17 September 2010 21:07, Jesse Gross <jesse at nicira.com> wrote:
> On Fri, Sep 17, 2010 at 10:00 AM, Ben Pfaff <blp at nicira.com> wrote:
>> On Fri, Sep 17, 2010 at 05:53:42PM +0100, Robin Wood wrote:
>>> On 17 September 2010 17:37, Ben Pfaff <blp at nicira.com> wrote:
>>> > On Fri, Sep 17, 2010 at 05:34:02PM +0100, Robin Wood wrote:
>>> >> * put me on a specific VLAN then see if I can get on to others, i.e.
>>> >> getting on the voice VLAN and hopping to a data one
>>> >
>>> > What kind of switch feature would help testing this?
>>>
>>> Not sure, I'll try to describe it a bit better. I do security audits
>>> for clients and some of them have VLANs set up, what I want to
>>> look at are things like what would I need to compromise to see the most
>>> traffic, or how to try to get from a guest VLAN to the one that
>>> handles card processing when doing PCI audits.
>>>
>>> For hopping, there are tools out there but I've not looked at them
>>> just because I haven't had the facilities to test them.
>>
>> A quick search for "vlan hopping tools" turned up a description of
>> "VoIP Hopper":
>>        http://www.darknet.org.uk/2008/01/voip-hopper-vlan-hopping-tool/
>>
>> If OVS is vulnerable to this kind of problem (it shouldn't be) I'd like
>> to hear about it; we'll fix it.
>
> All you should need from Open vSwitch itself is the ability to put
> some different VMs on VLANs.  Then you could have a target VM on one
> VLAN and an attack VM on another VLAN and try to hop between the two.
>  This is quite easy to set up.


OK, I'll download the live CD and give it a go, see what I can find.

Thanks

Robin
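
An added example, not part of the original thread or the Open vSwitch project's own scripts: the two-VLAN lab described above, plus an audit that lists every port that is not a single-VLAN access port (in Open vSwitch a port with no tag is a trunk and carries all VLANs). The bridge name, tap device names, VLAN IDs and the sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example. br-lab, tap-target, tap-attacker, tap-misc and VLANs 10/20
# are assumed names and values, not taken from the thread.

# Create the lab bridge with one access port per VM (run as root on the OVS host).
lab_setup() {
    ovs-vsctl --may-exist add-br br-lab
    ovs-vsctl --may-exist add-port br-lab tap-target   tag=10
    ovs-vsctl --may-exist add-port br-lab tap-attacker tag=20
}

# Dump "name,tag,trunks" for every port; --data=bare prints empty sets as
# empty fields and multi-value sets as space-separated numbers.
dump_ports() {
    ovs-vsctl --data=bare --format=csv --no-headings \
        --columns=name,tag,trunks list Port
}

# Read dump_ports output on stdin and print each port that is NOT a
# single-VLAN access port, with the VLANs it carries ("all" if unrestricted).
# The bridge's own internal port has no tag, so it is listed as well.
audit_ports() {
    while IFS=, read -r name tag trunks; do
        [ -n "$name" ] || continue
        if [ -z "$tag" ]; then
            echo "$name trunk ${trunks:-all}"
        fi
    done
}

# Constructed sample of dump_ports output, so the audit runs without OVS.
SAMPLE_PORTS='br-lab,,
tap-target,10,
tap-attacker,20,
tap-misc,,10 20'

printf '%s\n' "$SAMPLE_PORTS" | audit_ports
```

On a live lab host, run `lab_setup` once and then `dump_ports | audit_ports`; any VM-facing port in the output is not confined to one VLAN.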



