Popular DoS tools such as macof and dsniff are available to
launch this type of attack. The switch eventually times out older MAC address entries from the CAM table and
resumes normal switching.
CAM Table Overflow Attack Mitigation
The CAM table overflow attack can be effectively mitigated by configuring the Port Security feature on the
switch. Port security can be enabled for static MAC addresses on a particular switch port, or for dynamic MAC
addresses by specifying the number of MAC addresses that the port can learn. When an invalid source MAC
address is detected, the port can be configured to respond to the violation by either blocking the offending
MAC address or shutting down the port.
Port security is discussed in detail in Chapter 4, with configuration examples.
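The effect of a per-port MAC limit can be seen in a small model. The following Python sketch is an added illustration, not code from the book: the Switch class, the CAM size of 8, the limit of 2 and all MAC addresses are constructed, "protect" and "shutdown" stand for the two violation responses described above, and entry aging is not modeled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Switch:
    """Toy learning switch: bounded CAM table plus an optional per-port MAC limit."""
    cam_size: int                        # total CAM entries (constructed value)
    max_per_port: Optional[int] = None   # port-security limit; None = feature off
    violation: str = "protect"           # "protect" drops the frame, "shutdown" disables the port
    cam: dict = field(default_factory=dict)     # source MAC -> port
    disabled: set = field(default_factory=set)  # ports shut down after a violation

    def receive(self, port, src, dst):
        """Process one frame; return 'dropped', 'flooded' or 'forwarded:<port>'."""
        if port in self.disabled:
            return "dropped"
        if self.cam.get(src) != port:    # source MAC not yet learned on this port
            on_port = sum(1 for p in self.cam.values() if p == port)
            if self.max_per_port is not None and on_port >= self.max_per_port:
                if self.violation == "shutdown":
                    self.disabled.add(port)
                return "dropped"         # violating frame is never learned or forwarded
            if src in self.cam or len(self.cam) < self.cam_size:
                self.cam[src] = port     # learn (or move) the entry if there is room
        dst_port = self.cam.get(dst)
        # An unknown destination is flooded out of every port, hub-style.
        return f"forwarded:{dst_port}" if dst_port is not None else "flooded"

def scenario(sw):
    """Port 1 presents 20 distinct source MACs, then host A (port 2) sends to host B (port 3)."""
    for i in range(20):                  # constructed locally administered addresses
        sw.receive(1, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(3, "00:00:5e:00:53:0b", "00:00:5e:00:53:0a")   # B speaks, so it can be learned
    return sw.receive(2, "00:00:5e:00:53:0a", "00:00:5e:00:53:0b")

if __name__ == "__main__":
    print("no port security:", scenario(Switch(cam_size=8)))
    print("protect, max 2  :", scenario(Switch(cam_size=8, max_per_port=2)))
    shut = Switch(cam_size=8, max_per_port=2, violation="shutdown")
    print("shutdown, max 2 :", scenario(shut), "disabled ports:", shut.disabled)
```

Without the limit, port 1 fills all eight entries and the frame from A to B is flooded; with the limit, port 1 holds only two entries and the same frame is forwarded to port 3 alone.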
MAC Spoofing Attack
MAC spoofing is a technique in which an attacker forges source MAC addresses to impersonate other hosts or
devices in a network. This is different from an ARP spoofing attack. In ARP spoofing, the switch is misled by
poisoning the ARP cache, whereas with MAC spoofing, the switch is tricked into believing that two ports have
the same MAC address, thereby forcing it to attempt to forward frames destined for the trusted host to the
attacker.