MAC Flooding Attack


MAC flooding is a network attack in which a switch’s MAC address table is inundated with frames from random source MAC addresses so that the switch starts flooding unicast traffic, which facilitates snooping attacks.

  • ARP poisoning is directed at hosts, whereas MAC flooding is used to attack a switch
  • the attacker’s intention is to exhaust the memory used to store the switch’s MAC address table
    • the switch uses the MAC address table to determine which port to use to forward unicast traffic to its correct destination
    • overwhelming the table can cause the switch to stop trying to apply MAC-based forwarding and flood unicast traffic out of all ports, working as a hub
      • makes sniffing network traffic easier
  • can be blocked with port security
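
The behaviour in the notes above, as an added example that is not part of the original page: a toy Python model of a learning switch, run once without and once with a per-port MAC limit. The table size, port numbers, addresses and the "shut the port on violation" behaviour are assumptions chosen for the illustration, not any vendor's implementation.

```python
# Toy model of a learning switch (constructed example, not vendor behaviour).
class Switch:
    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size      # MAC table capacity (assumed value)
        self.limit = max_macs_per_port    # None = port security off
        self.table = {}                   # source MAC -> port it was seen on
        self.blocked = set()              # ports shut after a violation

    def receive(self, in_port, src, dst):
        """Learn src, then return the ports the frame is sent out of."""
        if in_port in self.blocked:
            return []                     # port already shut: frame dropped
        if src not in self.table:
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if self.limit is not None and on_port >= self.limit:
                self.blocked.add(in_port) # too many MACs on this port
                return []
            if len(self.table) < self.table_size:
                self.table[src] = in_port # room left: learn the address
            # else: table is full, so the address cannot be learned
        if dst in self.table:
            return [self.table[dst]]      # known unicast: exactly one port
        return [p for p in self.ports if p != in_port]  # unknown: flood


def run(max_macs_per_port):
    sw = Switch(ports=[1, 2, 3, 4], table_size=8,
                max_macs_per_port=max_macs_per_port)
    host_a, host_b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    broadcast = "ff:ff:ff:ff:ff:ff"
    # Constructed traffic: port 3 presents 20 different source addresses
    # before hosts A (port 1) and B (port 2) have been learned.
    for i in range(20):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", broadcast)
    sw.receive(2, host_b, broadcast)      # B sends a frame, so it can be learned
    out = sw.receive(1, host_a, host_b)   # A sends unicast to B
    return out, len(sw.table), sorted(sw.blocked)


if __name__ == "__main__":
    print("port security off:", run(None))
    print("limit of 2 MACs per port:", run(2))
```

With the limit off, the table fills from port 3, host B is never learned, and the A-to-B unicast goes out of every other port including port 3; with the limit on, port 3 is shut after two addresses and the same frame leaves on port 2 only.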