The Company network is being flooded with invalid Layer 2 addresses, causing switch CAM tables to be filled and forcing unicast traffic to be transmitted out all switch ports. Which type of Layer 2 attack is being used here?
A. MAC spoofing
B. VLAN hopping
C. MAC address flooding
D. DHCP flooding
E. Session hijacking
Correct Answer: C
Explanation/Reference:
Explanation:
Port security is especially useful in the face of MAC address flooding attacks. In these attacks, an attacker tries to fill up a switch’s CAM tables by sending a large number of frames to it with source MAC addresses that the switch is unaware of at that time. The switch learns about these MAC addresses and puts them in its CAM table, thinking that these MAC addresses actually exist on the port on which it is receiving them. In reality, this port is under the attacker’s control and a machine connected to this port is being used to send frames with spoofed MAC addresses to the switch. If the attacker keeps sending these frames in a large-enough quantity, and the switch continues to learn of them, eventually the switch’s CAM table becomes filled with entries for these bogus MAC addresses mapped to the compromised port. Under normal operations, when a machine receiving a frame responds to it, the switch learns that the MAC address associated with that machine sits on the port on which it has received the response frame. It puts this mapping in its CAM table, allowing it to send any future frames destined for this MAC address directly to this port rather than flood all the ports on the VLAN. However, in a situation where the CAM table is filled up, the switch is unable to create this CAM entry. At this point, when the switch receives a legitimate frame for which it does not know which port to forward the frame to, the switch floods all the connected ports belonging to the VLAN on which it has received the frame. The switch continues to flood the frames with destination addresses that do not have an entry in the CAM tables to all the ports on the VLAN associated with the port it is receiving the frame on.
References:
