Question
A switch is a device that allows multiple computers to connect to each other in such a way that each computer only receives data intended specifically for it. Suppose we have a switch that works as follows. When a computer is connected to one of its ports, it adds a tuple (x, y) to a data structure called the Server Source Address Table, where x is the MAC address of the certain computer and y is the certain port that is assigned to the computer. This new entry will overwrite any other entry with the same MAC address. Assume an attacker can choose her own MAC address. Describe an attack that the network connected by this switch is vulnerable to.
Explanation / Answer
A switch is a device that connects multiple computers together on a computer network. If an attacker chooses the MAC address as a source, then the attacker can do MAC address flooding. This attack is also called a CAM table overflow attack.
MAC address flooding is a type of network attack where an attacker connects to a switch port and floods the switch interface with a large number of Ethernet frames with different fake source MAC addresses.
The MAC address table of the switch is filled with fake MAC addresses within a short time. The MAC address table of the switch has a limited amount of memory, so it can't save any more MAC addresses.
When the MAC address table is full, the switch enters a fail-open mode and starts behaving like a network hub, and frames are flooded to all ports. Because of this, the attacker can get sensitive data from the network by capturing all the frames that travel between source and destination.
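An added example, not part of the original answer: a simplified Python model of a learning switch that shows the fail-open behaviour described above and how a per-port MAC limit (port security) contains and counts it. The `Switch` class, the table size of 8, the limit of 2 and all MAC addresses are constructed assumptions.

```python
# Simplified model of a learning switch (constructed for illustration).
class Switch:
    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size                # CAM table capacity
        self.max_macs_per_port = max_macs_per_port  # None = no port security
        self.table = {}                             # MAC -> port
        self.violations = {}                        # port -> dropped frames

    def macs_on(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, in_port, src, dst):
        """Learn src, then return the ports the frame is sent out of."""
        if self.table.get(src) != in_port:          # new MAC, or MAC moved
            limit = self.max_macs_per_port
            if limit is not None and self.macs_on(in_port) >= limit:
                # Port security: drop the frame and record the violation,
                # which is also the signal an operator would alert on.
                self.violations[in_port] = self.violations.get(in_port, 0) + 1
                return []
            if src in self.table or len(self.table) < self.table_size:
                self.table[src] = in_port           # learn / overwrite entry
        if dst in self.table:
            return [self.table[dst]]                # known unicast: one port
        return [p for p in self.ports if p != in_port]  # unknown: flood


def simulate(max_macs_per_port):
    sw = Switch(ports=[1, 2, 3], table_size=8,
                max_macs_per_port=max_macs_per_port)
    broadcast = "ff:ff:ff:ff:ff:ff"
    sw.receive(1, "aa:aa:aa:aa:aa:01", broadcast)   # host A on port 1
    # Port 3 presents many constructed source MACs (the flooding condition).
    for i in range(20):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", broadcast)
    # Host B on port 2 appears after the flood, then A sends a frame to B.
    sw.receive(2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01")
    out_ports = sw.receive(1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02")
    return out_ports, len(sw.table), sw.violations.get(3, 0)


if __name__ == "__main__":
    print("no port security :", simulate(None))
    print("limit 2 per port :", simulate(2))
```

Without the limit, the A-to-B frame leaves on ports 2 and 3 because B could not be learned into the full table; with the limit, it leaves on port 2 only and port 3 accumulates violations.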