MAC address flooding attack (CAM table flooding attack) is a type of network attack where an attacker connected to a switch port floods the switch interface with a very large number of Ethernet frames with a different fake source MAC address.
The following images shows a Switch’s MAC address table before and after flooding attack.
This type of attack is also known as CAM table overflow attack. Within a very short time, the switch’s MAC Address table is full of fake MAC address/port mappings. Switch’s MAC address table has only a limited amount of memory. The switch can not save any more MAC address in its MAC Address table.
Once the switch’s MAC address table is full and it can not save any more MAC address, it enters into a fail-open mode and start behaving like a network Hub. Frames are flooded to all ports, similar to the broadcast type of communication.
Now, what is the benefit of the attacker? The attacker’s machine will be delivered with all the frames between the victim and other machines. The attacker will be able to capture sensitive data from the network.