Methods of testing and protection against VLAN hopping attacks

The article discusses the basic principles and mechanisms of VLAN Hopping attacks, a method of bypassing network isolation provided by virtual local area networks (VLANs) in order to gain unauthorized access to resources of other VLANs. The most common techniques for implementing Switch Spoofing and Double Tagging attacks are described. Practical methods of testing network infrastructure for vulnerability to these attacks using specialized tools are presented. Recommendations on effective protection measures are presented, including proper configuration of switch ports, disabling automatic trunk connection negotiation, and using non-standard VLAN IDs for native VLANs. The results of the study show the critical importance of an integrated approach to network equipment configuration to ensure reliable protection against VLAN Hopping attacks.