![]()
We’ll show you how to configure the switch port to be protected against the MAC flooding attack. How to protect your network against MAC flooding attack When we look at the MAC address table, we can see a lot of malicious inputs that came from the port fa0/1. #macof –i eth0Īs we can see, we have filled the CAM table and the switch has no place for new inputs. The only variable is the name of the port from which we will initiate the attack. We may run the attack by following the CLI command. The switch port, where our computer is connected, does not have any protection configured. We will use the KALI Linux distribution as in other tutorials about penetration testing and ethical hacking. This package also includes ARPSPOOF tool, which is used for ARP spoof attack. To initiate a MAC flooding attack, we use the MACOF tool included in the DSNIFF package. In the following figure we can see that the switch knows about 1 MAC address (our attacking station) and has a capacity of 8189 inputs. The last line in this table indicates that the device with MAC address 5c: 26: 0a: 19: dc: c6 is available via Fa0 / 1 port, belongs to Vlan1 and the switch has learned dynamically about this device. In the figure below, you can see how the CAM table looks, to which one computer is connected. ![]() An attacker can easily capture this communication and analyze its content, for example, in Wireshark. Subsequently, the switch will start act as an Ethernet HUB, meaning it will be forward traffic to all physical ports. MITIGATE MAC ADDRESS FLOODING ON ALL CISCO DEVICES FOR MACOnce this table is filled, there will be no space for MAC addresses of new devices that are trying to communicate. The vulnerability lies in the fact that the size of this table is limited. Based on this table, the switch decides which port to send traffic to. Switch puts entries to CAM table where are stored MAC address and port mapping of the devices that communicate through it. MAC flooding exploits the vulnerability resulting from the basic operation of the switch. In this article, we’ll show how this attack looks and how to effectively protect our devices against it. MAC flooding is an attack that manipulates the behaviour of the ethernet switch so that the traffic that passes through it can be captured.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |