Before you can prevent a MAC flooding attack on Layer 2 devices, you must know enough about basic switch operation and the MAC table attack. A Layer 2 LAN switch builds a table of MAC addresses that are stored in its Content Addressable Memory (CAM). The CAM table binds and stores MAC addresses and associated VLAN parameters that are connected to the physical switch ports. A CAM table is the same thing as a MAC address table. Switches then compare the destination MAC unicast addresses of incoming frames to the entries in the CAM table to make port forwarding decisions. If the destination MAC address is in the CAM table, the switch forwards the frame accordingly. However, if the destination MAC address is not in the CAM table, the switch will flood the frame out of all ports except for the frame's port of ingress.

How does a CAM table attack work?

All CAM tables have a fixed size and, consequently, a switch can run out of resources in which to store MAC addresses. CAM table overflow attacks (also called MAC address overflow attacks) take advantage of this limitation by bombarding the switch with fake source MAC addresses until the switch MAC address table is full. If enough entries are entered into the CAM table before older entries expire, the table fills up to the point that no new entries can be accepted. When this occurs, the switch treats the frame as an unknown unicast and begins to flood all incoming traffic to all ports without referencing the CAM table. As a result, the attacker can capture all of the frames sent from one host to another.

NOTE: Traffic is flooded only within the local VLAN, so the intruder sees only traffic within the local VLAN to which the intruder is connected.
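The learning and flooding behaviour described above can be traced in a small model. This is an added example, not code from the original page: the `CamTable` class, its capacity and aging values, the per-port threshold, and all MAC addresses are constructed assumptions, and a real switch is more complex. It shows a host that cannot be learned once the table is full, the resulting flood, and a per-port MAC count that a defender can alert on.

```python
from collections import Counter


class CamTable:
    """Simplified model of a switch MAC address (CAM) table for one VLAN."""

    def __init__(self, ports, capacity, age_limit):
        self.ports = list(ports)
        self.capacity = capacity      # fixed table size
        self.age_limit = age_limit    # seconds before an idle entry expires
        self.entries = {}             # MAC -> (port, last_seen)

    def receive(self, now, in_port, src, dst):
        """Learn the source MAC, then return the egress ports for the frame."""
        # Age out entries that have been idle for too long.
        self.entries = {m: (p, t) for m, (p, t) in self.entries.items()
                        if now - t < self.age_limit}
        if src in self.entries or len(self.entries) < self.capacity:
            self.entries[src] = (in_port, now)          # learn or refresh
        if dst in self.entries:
            return [self.entries[dst][0]]               # known unicast
        return [p for p in self.ports if p != in_port]  # unknown: flood

    def suspicious_ports(self, max_macs_per_port):
        """Ports holding more learned MACs than an access port should have."""
        counts = Counter(port for port, _ in self.entries.values())
        return sorted(p for p, n in counts.items() if n > max_macs_per_port)


def demo():
    # Constructed scenario: hosts A, B, C on ports 1, 2, 4; burst on port 3.
    cam = CamTable(ports=[1, 2, 3, 4], capacity=8, age_limit=300)
    a, b, c = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
    cam.receive(0, 1, a, b)               # A learned on port 1
    before = cam.receive(1, 2, b, a)      # B -> A is forwarded to port 1 only
    for i in range(20):                   # many made-up sources fill the table
        cam.receive(2, 3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    cam.receive(3, 4, c, a)               # table full: C cannot be learned
    during = cam.receive(4, 1, a, c)      # A -> C floods, reaching port 3
    return before, during, cam.suspicious_ports(max_macs_per_port=2)


if __name__ == "__main__":
    print(demo())
```

The count returned by `suspicious_ports` is the same signal a per-port MAC address limit acts on: an access port that suddenly sources many addresses.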