Home » Cisco » 210-260 » Which type of Leyer 2 attack can you “do something” for one host:
Which type of Leyer 2 attack can you “do something” for one host:
A. MAC spoofing
B. CAM overflow….
C. Other
D. Other
Correct Answer: B
Explanation/Reference:
Cisco implemented a technology into IOS called Port Security that mitigates the risk of a Layer 2 CAM overflow attack.
Port Security on a Cisco switch enables you to control how the switch port handles the learning and storing of MAC addresses on a per-interface basis.
The main use of this command is to set a limit to the maximum number of concurrent MAC addresses that can be learned and allocated to the individual switch port.
If a machine starts broadcasting multiple MAC addresses in what appears to be a CAM overflow attack, the default action of Port Security is to shut down the switch interface http://www.ciscopress.com/articles/article.asp?p=1681033&seqNum=2
Q. Whit which type of Layer 2 attack can you intercept traffic that is destined for one host?
A. MAC spoofing
I believe that a complete question would clarify this, if it is about “A” or “B”
@Jamil
I disagree,
Mac Spoofing doesn’t inherently let you receive any traffic from the switch that is for another user as the switch has already built the CAM table if there is data to steal.
CAM table overflow forces the CAM table to be filled with useless dead end MAC addresses. This forced the switch to act like a HUB when it’s dealing with unknown MAC Addresses i.e forwarding the traffic out all interfaces. If this happens then the user can now eavesdrop on all traffic for the user and any other.
Tthe cam table is dynamically updated. meaning the spoof would work. the key word in the real question is 1 single host. all other options would give the traffic of the entire network (flooding)
Wrong Answer : CAM overflow is done to switches to overload the cam table; MAC spoofing is stealing One host mac address .
The same concept of this question appears in the dumps in different question as following :
Which type of layer 2 attack enables the attacker to intercept traffic that is intended for one
specific recipient?
A. BPDU attack
B. DHCP Starvation
C. CAM table overflow
D. MAC address spoofing
Answer here is D