MAC Flooding

Categories: ethernet, computer network security
Switches maintain a list (called a translation table) that maps individual MAC addresses on the network to the physical ports on the switch. This enables the switch to send data out of only the physical port where the recipient computer is located, instead of indiscriminately broadcasting the data out of all ports like a hub. The advantage of this method is that data is only delivered to the computer it is specifically destined for.

In a typical MAC flooding attack, a switch is flooded with packets, each containing a different source MAC address. The intention is to consume the limited memory set aside in the switch to store the MAC-address-to-physical-port translation table. The result is that the switch enters a state called failopen mode, in which all incoming packets are broadcast out on all ports (as with a hub) instead of just down the correct port as in normal operation. Failopen mode is intended to guarantee delivery of packets to their destination in the case that the switch's table integrity is compromised. A malicious user could then use a packet sniffer (such as Wireshark) running in promiscuous mode to capture sensitive data from other computers (such as unencrypted passwords, e-mail and instant messaging conversations) that would not be accessible were the switch operating normally.

Some more advanced switches, such as those from Nortel, Cisco or Allied Telesis, allow you to set up protection against this attack by limiting the number of MAC addresses learned on a port and/or hard-wiring specific MAC addresses to a dedicated port. You can also set a policy that if a port learns too many MAC addresses, the default action is to shut the port down and write a log entry.
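To make the mechanism and the mitigation concrete, here is an added Python model of a switch with a bounded translation table. It is illustration code, not from the original article or from any switch vendor: the port names, the table capacity of 8 entries, the limit of 3 MACs per port and all MAC addresses are constructed sample values, and a real switch also ages entries out and holds far more entries. Without a per-port limit, the flood fills the table so the switch cannot learn host B, and a frame from A to B is sent out of every port, including the one the flood arrived on. With the limit in place the offending port is shut down and logged, the table never fills, and the frame reaches only B's port.

```python
# Toy model of a switch translation table under MAC-flooding pressure.
# Illustration code, not from the original article: the switch is simplified
# (fixed-capacity table, no ageing, no VLANs) and the port names, capacity
# and MAC addresses below are constructed sample values.

class ToySwitch:
    """Minimal learning switch with a bounded MAC-to-port table and an
    optional per-port MAC limit (a port-security style policy)."""

    def __init__(self, ports, capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.capacity = capacity                  # size of the translation table
        self.max_macs_per_port = max_macs_per_port
        self.table = {}                           # source MAC -> ingress port
        self.learned_on = {p: set() for p in ports}
        self.shutdown = set()                     # ports disabled by policy
        self.log = []

    def learn(self, src_mac, in_port):
        """Record src_mac on in_port; return True if the table holds it."""
        if src_mac in self.table:
            return True
        if (self.max_macs_per_port is not None
                and len(self.learned_on[in_port]) >= self.max_macs_per_port):
            # Policy: too many MACs on one port -> shut it down and log.
            self.shutdown.add(in_port)
            self.log.append(
                f"port {in_port}: more than {self.max_macs_per_port} "
                f"source MACs seen, port shut down")
            return False
        if len(self.table) >= self.capacity:
            return False                          # table full: nothing learned
        self.table[src_mac] = in_port
        self.learned_on[in_port].add(src_mac)
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Return the set of egress ports a frame is sent out of."""
        if in_port in self.shutdown:
            return set()                          # a disabled port drops frames
        self.learn(src_mac, in_port)
        if dst_mac in self.table:
            return {self.table[dst_mac]}          # normal unicast delivery
        # Unknown destination: flood to every other active port. With a full
        # table this is the hub-like failopen behaviour the attack provokes.
        return {p for p in self.ports
                if p != in_port and p not in self.shutdown}


HOST_A = "aa:aa:aa:00:00:01"   # legitimate host on port p1 (constructed)
HOST_B = "aa:aa:aa:00:00:02"   # legitimate host on port p2 (constructed)


def simulate(max_macs_per_port=None, flood_frames=20):
    """Send flood_frames frames with distinct source MACs into p3, then let
    A talk to B. Returns (ports A's frame to B leaves on, policy log)."""
    sw = ToySwitch(ports=["p1", "p2", "p3"], capacity=8,
                   max_macs_per_port=max_macs_per_port)
    for i in range(flood_frames):
        sw.forward(f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", "p3")
    sw.forward(HOST_B, HOST_A, "p2")             # B announces itself
    egress = sw.forward(HOST_A, HOST_B, "p1")    # A -> B
    return egress, sw.log


if __name__ == "__main__":
    print("no per-port limit:", simulate())
    print("limit of 3 per port:", simulate(max_macs_per_port=3))
```

Running it shows the two outcomes side by side: with no limit the A-to-B frame leaves on both p2 and p3 and nothing is logged; with the limit the frame leaves only on p2 and the log records that p3 was shut down. The per-port counter is the same signal a monitoring system can alarm on when it reads port-security violation logs from real switches.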