Virtual LAN Security: weaknesses and countermeasures

Virtual LAN Security: weaknesses and countermeasures (PDF, 2.98MB)
Published: 19 Jun, 2003
Created by Steve Rouiller

Based on the Blackhat report [11], we decided to investigate some possibilities for attacking VLANs (Virtual Local Area Networks). We think it is important to study this particular threat and gain insight into the mechanisms involved, as a breach of a VLAN's security can have tremendous consequences. Indeed, VLANs are used to separate subnets and implement security zones. The possibility of sending packets across different zones would render such separation useless, as a compromised machine in a low-security zone could initiate denial-of-service attacks against computers in a high-security zone. Another threat lies in the possibility of 'destroying' the virtual architecture, in effect performing a DoS (Denial of Service) against a whole network architecture. Recovery time would significantly impact business operations; in addition, there is a further threat of compromise during the time the subnet separations are removed, ultimately leading to information disclosure.