Normal user traffic in attacker VLAN is flooded trough all the switch port and if the attack is doing enough time attacker can captures data he needs.
Mac address flooding mac#
Other switches in campus network also learn fake MAC addresses and flood fake MAC further.Īfter some time all the switches which have switch port in VLAN where attack started will have MAC address table. Switch learns these fake MAC addresses and fake frames are also flooded to all switch ports in particular VLAN. Switch can't learn any new MAC address and traffic is send to every port in VLAN where the attack starts.Īll the attacker needs to do is poison switch with many fake MAC address that fills up entire MAC address table. After the limit of MAC address is reached MAC address table is full. The idea is simple - switch can learn only given number of MAC address because of hardware limit of MAC address table. Attacked switch sends traffic to every switch port and trafic (phone calls, hash passwords etc.) can be captured by attacker.
Mac address flooding how to#
MAC flooding attack is method how to force switch behaves as hub device. Similarly manually created MAC addresses are marked as STATIC in MAC address table. This source MAC address is MAC of network card (or other network device) and is rememebered with switch port on that was frame received and VLAN on this port.ĭynamically learned MAC address are marked as DYNAMIC in MAC address table. Switch looks up not only destination MAC address in Ethernet header but it learns source MAC address of received frame and copy it to MAC address table. MAC addresses are also dynamically learned by switch. Total Mac Addresses for this criterion: 22 They are totally 22 MAC addresses in MAC address table now. This command adds MAC address to switch port Fa 0/5 for VLAN 100. How do MAC addresses get to switch MAC address table? They cloud be added as static entry with administrator:Ģ960-I(config)# mac address-table static vlan 100 interface Fa 0/5
Mac address flooding Pc#
Switch needs to be sure that the frame will be delivered to end PC so it floods frame to all the switch ports except the port Fa 0/4. If the port Fa 0/4 is in VLAN 200 switch can't use any entry in MAC address table because there is not any MAC address in VLAN200. Total Mac Addresses for this criterion: 21 If switch receives frame with destination MAc address 001a.4b79.70b8 on Fa 0/4 port it switches this frame to port Fa 0/1 if the the port Fa 0/4 is VLAN100. For doing this it needs to maintain MAC address table and be able to find destination MAC address, outgoing port, and VLAN.īellow is a MAC address table of Cisco 2960 8 ports switch. It must be able to inspect Ethernet header and choose outgoing switch port in particular VLAN. Unlike hub switch can forward traffic according to destination MAC address in received Ethernet frame. This is not very secured method because traffic is send to every port and could be captured by attacker. Hub is a network device which forwards Ethernet received frames to all the ports except the port on which hub previously received frames.
0 kommentar(er)
