A MAC address flood attack is occurring on the Company LAN. During this attack, numerous frames are forwarded to a switch which causes the CAM table to fill to capacity. How does this action benefit the attacker?
A. All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now viewable.
B. Clients will forward packets to the attacking device, which will in turn send them to the desired destination but not before recording the traffic patterns.
C. All traffic is redirected to the VLAN that the attacker used to flood the CAM table.
D. All traffic is flooded out all ports and an attacker is able to capture all data.
E. None of the other alternatives apply
Correct Answer: D
Explanation:
MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of making the switch “fail open”. In essence, this makes the switch behave like a hub, sending packets to all ports. A MAC flooding attack looks like traffic from thousands of computers arriving on one port, but it is actually the attacker spoofing the MAC addresses of thousands of non-existent hosts. The goal is to flood the switch's CAM (content addressable memory) table, or port/MAC table, with these bogus requests; once the table is full, the switch will broadcast openly onto the LAN, allowing the attacker to start sniffing. The success of this attack is almost completely dependent on the model and manufacturer of the switch.
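The fail-open behaviour described above, as an added example that is not part of the original page: a toy learning switch in Python with a bounded CAM table, fed constructed frames, plus a per-port MAC count that points at the flooding port. The class, the table capacity and the per-port threshold are illustrative assumptions; real switches also age out entries, which is not modelled here.

```python
from collections import defaultdict

class Switch:
    """Toy learning switch with a bounded CAM table (capacity is an assumed value)."""

    def __init__(self, ports, cam_capacity):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.cam = {}  # source MAC -> port it was learned on

    def receive(self, in_port, src, dst):
        """Learn src if the table has room, then return the egress ports."""
        if src not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port
        if dst in self.cam:
            return [self.cam[dst]]  # known unicast: one port only
        # Unknown destination (or broadcast): flood out every other port.
        return [p for p in self.ports if p != in_port]

    def macs_per_port(self):
        counts = defaultdict(int)
        for port in self.cam.values():
            counts[port] += 1
        return dict(counts)

def suspicious_ports(switch, max_macs_per_port):
    """Ports that learned more MACs than an access port should (assumed limit)."""
    return sorted(p for p, n in switch.macs_per_port().items()
                  if n > max_macs_per_port)

def demo(cam_capacity):
    """Replay constructed traffic; return (egress ports for A->B, flagged ports)."""
    host_a, host_b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    broadcast = "ff:ff:ff:ff:ff:ff"
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=cam_capacity)
    sw.receive(1, host_a, broadcast)      # host A is learned on port 1
    for i in range(20):                   # port 3 shows 20 never-seen source MACs
        sw.receive(3, f"02:00:00:00:00:{i:02x}", broadcast)
    sw.receive(2, host_b, host_a)         # host B's first frame, after the burst
    egress = sw.receive(1, host_a, host_b)
    return egress, suspicious_ports(sw, max_macs_per_port=3)

if __name__ == "__main__":
    print("large table:", demo(cam_capacity=1024))
    print("small table:", demo(cam_capacity=8))
```

With the small table, host B is never learned, so the frame from A to B leaves on every other port, including port 3; in both runs the per-port count flags port 3.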