A demonstration of network segmentation bypass through layer 2 adjacency despite logical subnet separation.
This repository demonstrates a network architecture vulnerability where:
- Two or more devices reside on different IP subnets (logical separation)
- But share the same physical broadcast domain (layer 2 adjacency)
- Allowing potential bypass of network access controls
Technical Context
Traditional network security often relies on IP-based filtering (layer 3) while neglecting layer 2 controls such as broadcast domain separation. When devices in separate subnets share the same broadcast domain:
- ARP Protocol Exposure: Devices can discover each other via layer 2 ARP requests
- MAC Address Communication: Direct communication possible using MAC addresses
- VLAN Hopping Risk: Potential gateway spoofing between subnets
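The condition above is observable from the defender's side: ARP is never routed, so any ARP frame whose sender address lies outside the monitoring host's own subnet proves that the sender shares its broadcast domain, whatever the IP plan says. The following check is an added example, not code from this repository; it parses ARP lines in the text form that `tcpdump -n arp` prints, flags senders from foreign subnets, and flags replies that claim the gateway address from an unexpected MAC (the gateway impersonation case). The local network, gateway address, gateway MAC and the sample capture lines are all constructed for the example.

```python
"""Flag layer 2 adjacency across logical subnets from ARP traffic.

ARP frames are confined to one broadcast domain, so a sender IP outside
our own subnet means that host is on our layer 2 segment regardless of
the logical addressing.  Input is tcpdump-style ARP text; the sample
lines below are constructed, not taken from a real capture.
"""
import ipaddress
import re

# Assumed addressing of the monitoring host (example values, not a real
# deployment).
LOCAL_NETWORK = ipaddress.ip_network("172.21.4.0/24")
GATEWAY_IP = "172.21.4.1"
GATEWAY_MAC = "00:11:22:33:44:01"  # MAC the real gateway is known to use (assumed)

# Constructed sample in the shape of `tcpdump -n arp` output.  Line 3-4
# come from a host that belongs to another subnet; line 5 is a reply that
# claims the gateway IP from a different MAC.
SAMPLE_LINES = [
    "10:00:01.000001 ARP, Request who-has 172.21.4.1 tell 172.21.4.57, length 46",
    "10:00:01.000102 ARP, Reply 172.21.4.1 is-at 00:11:22:33:44:01, length 28",
    "10:00:02.000003 ARP, Request who-has 172.21.5.1 tell 172.21.5.23, length 46",
    "10:00:02.000204 ARP, Reply 172.21.5.23 is-at aa:bb:cc:dd:ee:05, length 28",
    "10:00:03.000005 ARP, Reply 172.21.4.1 is-at aa:bb:cc:dd:ee:05, length 28",
    "10:00:04.000006 IP 172.21.4.57.443 > 172.21.4.90.51234: Flags [S], length 0",
]

REQUEST_RE = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")
REPLY_RE = re.compile(r"ARP, Reply (\S+) is-at (\S+),")


def parse_arp_line(line):
    """Return (sender_ip, sender_mac) for an ARP line, or None otherwise.

    tcpdump's text form shows only the sender IP for requests ("tell X"),
    and both the IP and MAC for replies ("X is-at MAC"); non-ARP lines
    are ignored.
    """
    m = REQUEST_RE.search(line)
    if m:
        return m.group(2), None
    m = REPLY_RE.search(line)
    if m:
        return m.group(1), m.group(2).lower()
    return None


def analyse(lines, local_network=LOCAL_NETWORK,
            gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC):
    """Return two findings from a list of capture lines.

    foreign_senders:   {sender_ip: set(of MACs seen)} for ARP senders whose
                       IP is outside local_network; these hosts share our
                       broadcast domain despite the subnet split.
    gateway_conflicts: MACs that answered for gateway_ip but are not the
                       known gateway MAC, the signature of gateway spoofing.
    """
    foreign = {}
    conflicts = []
    for line in lines:
        parsed = parse_arp_line(line)
        if parsed is None:
            continue
        sender_ip, sender_mac = parsed
        if ipaddress.ip_address(sender_ip) not in local_network:
            macs = foreign.setdefault(sender_ip, set())
            if sender_mac:
                macs.add(sender_mac)
        if (sender_ip == gateway_ip and sender_mac
                and sender_mac != gateway_mac.lower()):
            conflicts.append(sender_mac)
    return {"foreign_senders": foreign, "gateway_conflicts": conflicts}


if __name__ == "__main__":
    result = analyse(SAMPLE_LINES)
    for ip, macs in result["foreign_senders"].items():
        print(f"layer 2 adjacency: {ip} is outside {LOCAL_NETWORK} "
              f"but answers ARP on this segment (MACs: {sorted(macs) or 'unknown'})")
    for mac in result["gateway_conflicts"]:
        print(f"gateway conflict: {mac} claims {GATEWAY_IP}, expected {GATEWAY_MAC}")
```

Run it against real output by piping `tcpdump -n -l arp` lines into `analyse`; a non-empty `foreign_senders` on a segment that is supposed to hold only one subnet is the finding this repository describes, and a non-empty `gateway_conflicts` is the gateway spoofing case called out above.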
Impact
- Bypass firewall rules between subnets
- Potential lateral movement paths
- Violates PCI DSS Requirement 1.2.1 ("Implement subnet separation")
Prerequisites
- Kali Linux or similar distro
- Root privileges
- Nmap, tcpdump and arp-scan installed (arp-scan is used in the discovery step below)
- Network access to target subnet
- ARP Discovery
sudo arp-scan -I eth0 172.21.4.0/24