MAC-Flooding

MAC flooding (also known as a switch -jamming ) is a technique to attack a switched Ethernet.

Background

A switch stores internally in a so-called Source Address Table ( SAT) MAC addresses, which are located within the network segment connected to it. Characterized a switch has the ability to unicast messages, which are directed as opposed to broadcast messages to a particular network node ( computer ), to pass only to the recipient.

Operation

In a network or a switch data packets are introduced en masse, all of which contain a different MAC address. The switch now saves every one of the fake / generated MAC addresses to its internal memory overflows. In this case, the switch goes into a so-called " Failopen Mode" to. This will now all packages, whether unicast or broadcast is sent to all connected network participants ( like a hub). For an attacker has the ability for insurgents to network traffic ( sniffing ).

  • Vulnerability
  • Network architecture
537520
de