Posted in Security

Mac Address Flooding Attack

MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames with a different fake source MAC address.

MAC flooding attack

The following images shows a Switch’s MAC address table before and after flooding attack.

MAC address table before attack

MAC Address Table after attack

This type of attack is also known as CAM table overflow attack. Within a very short time, the switch’s MAC Address table is full of fake MAC address/port mappings. Switch’s MAC address table has only a limited amount of memory. The switch can not save any more MAC address in its MAC Address table.

Once the switch’s MAC address table is full and it can not save any more MAC address, it enters into a fail-open mode and start behaving like a network Hub. Frames are flooded to all ports, similar to the broadcast type of communication.

Now, what is the benefit of the attacker? The attacker’s machine will be delivered with all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s