

You may have noticed that this default MAC address learning process does not contain an authentication step. Any host connected to the switch can corrupt the MAC address table records by sending data frames, because the switch cannot verify the authenticity of a frame's source MAC address. In the following examples, I introduce three common attacks that work by sending data frames with a fake source MAC address. You can easily find tools on the Internet to launch this kind of attack; they are also available through Linux penetration testing distros such as Kali Linux.

Space is limited in the switch's MAC address table. The maximum number of records ranges from several thousand for entry-level models to hundreds of thousands for advanced models. What happens if the MAC address table is full? Depending on the coding of the switch's operating system, three possible results are:

1. Old records are removed immediately to free up space for learning new MAC addresses.
2. The switch stops learning new MAC addresses until old records are flushed.

Hackers may hope to see results 1 and 2, because the resumption of broadcasts gives the intruder a chance to capture sensitive information. You can check the maximum capacity of a switch's MAC address table by using the switch's operating system. For Cisco IOS, use the following command to check the MAC address table's available space:

SW#show mac address-table count

In a MAC flooding attack, an attacker attempts to generate a large number of data frames with different (randomly generated) source MAC addresses and send them to the switch (Figure 3). The switch learns every single frame's source address and stores the addresses in the MAC address table until it is full.
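As an added example (not code from the original article), the following script parses the text of Cisco IOS `show mac address-table` and `show mac address-table count` output to surface the two symptoms described above: one port learning far more addresses than an access port should, and the table's free space shrinking. The sample outputs are constructed in the IOS layout, and the per-port threshold is an assumed site policy, not a Cisco default.

```python
"""Added example (not from the article): spot MAC-table exhaustion symptoms
in Cisco IOS 'show mac address-table' text. Sample output is constructed."""
import re
from collections import Counter

# Constructed 'show mac address-table dynamic' output: access port Gi1/0/7 is
# suddenly learning many unrelated source addresses, the footprint of flooding.
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4456    DYNAMIC     Gi1/0/2
  10    3a9f.0c12.77e1    DYNAMIC     Gi1/0/7
  10    9e41.bb08.1c02    DYNAMIC     Gi1/0/7
  10    52d7.14aa.e930    DYNAMIC     Gi1/0/7
  10    c6f0.8d3e.0a11    DYNAMIC     Gi1/0/7
Total Mac Addresses for this criterion: 6
"""
# Constructed tail of 'show mac address-table count'; flooding drives this toward zero.
SAMPLE_COUNT = "Total Mac Addresses    : 6\nTotal Mac Address Space Available: 8186\n"

# One address row: VLAN, dotted-quad-style MAC (xxxx.xxxx.xxxx), entry type, port.
ENTRY_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def parse_mac_table(text):
    """Return (vlan, mac, type, port) for every address row; headers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((int(vlan), mac.lower(), kind.upper(), port))
    return rows

def dynamic_macs_per_port(rows):
    """Count learned (DYNAMIC) addresses per port; static and sticky entries are excluded."""
    return Counter(port for _v, _m, kind, port in rows if kind == "DYNAMIC")

def flag_flooding_ports(rows, threshold=3):
    """Ports learning more addresses than an access port should (threshold = site policy)."""
    return sorted(p for p, n in dynamic_macs_per_port(rows).items() if n > threshold)

def table_space_available(count_text):
    """Free entries reported by 'show mac address-table count'; None if the line is absent."""
    m = re.search(r"Total Mac Address Space Available:\s*(\d+)", count_text)
    return int(m.group(1)) if m else None
```

Polling these two outputs on a schedule and alerting when a port crosses the threshold or free space drops sharply gives a cheap early warning; port security on access ports remains the actual control.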
