This is illustrated in Figure 7-11.
Figure 7-11. MAC Spoofing Illustrated
Background
As discussed earlier, when a frame is received on the switch, the switch records the frame's source MAC address against the ingress port (learning), looks up the destination MAC address in the CAM table (also called the MAC address table), and forwards the frame out the egress port recorded for that address. If the destination is unknown, the frame is flooded to every other port in the VLAN.
The Problem
As illustrated in Figure 7-11, the switch has built its MAC address table (also called the CAM table) by mapping Host A to port 1, Host B to port 2, Host C to port 3, and Host D to port 4. An attacker crafts an Ethernet frame that forges (spoofs) the source MAC address of another host (Host C in the diagram). Because the switch learns purely from the source address of whatever it receives, it overwrites the CAM table entry for Host C's MAC address so that it now points to the attacker's port (port 1) instead of port 3, where the real Host C is connected. When Host D (or any other host) then sends a frame destined for Host C's MAC address, the switch delivers it to the attacker, because the CAM table entry is poisoned, as highlighted in Figure 7-11.
The poisoning is not permanent. As soon as the real Host C transmits a frame, the switch learns its MAC address on port 3 again and rewrites the entry back to the original port. The entry therefore flaps between port 3 and port 1 for as long as both the real host and the attacker keep sending frames, which is why an attacker typically has to keep re-sending the forged frames to hold the entry, and why repeated MAC moves between two ports are a useful indicator of this attack.
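The following Python model is an added illustration, not code from the book, of the learning and forwarding behavior described above. It replays the Figure 7-11 scenario on a toy learning switch: the four hosts are learned on ports 1 to 4, the attacker on port 1 sends a frame with Host C's MAC as the source, a frame from Host D to Host C is then delivered to port 1, and the entry flips back to port 3 as soon as the real Host C transmits. The host MAC addresses, port numbers and the `flapping_macs` check are constructed for the example; the check shows the detection angle a practitioner would want, flagging any MAC that keeps moving between ports.

```python
"""Toy learning switch used to show CAM table poisoning by source MAC spoofing.

Added illustration, not code from the book. MAC addresses, port numbers and
the flapping_macs() detector are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample topology matching Figure 7-11: Host A..D on ports 1..4.
HOST = {
    "A": "00:00:00:00:00:0a",
    "B": "00:00:00:00:00:0b",
    "C": "00:00:00:00:00:0c",
    "D": "00:00:00:00:00:0d",
}


@dataclass
class Frame:
    src: str           # source MAC (what the switch learns from)
    dst: str           # destination MAC (what the switch forwards on)
    ingress_port: int  # port the frame arrived on


@dataclass
class LearningSwitch:
    """Learns source MACs on ingress and forwards by destination MAC lookup."""
    num_ports: int
    cam: dict = field(default_factory=dict)    # mac -> port
    moves: list = field(default_factory=list)  # (mac, old_port, new_port)

    def receive(self, frame: Frame) -> list:
        """Process one frame and return the list of egress ports it is sent to."""
        # Learning: bind the source MAC to the ingress port. The switch cannot
        # tell a forged source MAC from a legitimate one, so a spoofed frame
        # silently overwrites an existing binding.
        old = self.cam.get(frame.src)
        if old is not None and old != frame.ingress_port:
            self.moves.append((frame.src, old, frame.ingress_port))
        self.cam[frame.src] = frame.ingress_port

        # Forwarding: known unicast goes to the bound port; unknown unicast and
        # broadcast are flooded to every port except the ingress port.
        if frame.dst != BROADCAST and frame.dst in self.cam:
            out = self.cam[frame.dst]
            return [] if out == frame.ingress_port else [out]
        return [p for p in range(1, self.num_ports + 1) if p != frame.ingress_port]


def flapping_macs(switch: LearningSwitch, threshold: int = 2) -> list:
    """Return MACs that moved between ports at least `threshold` times.

    A MAC bouncing between two ports is the signature of the real host and
    the spoofer both transmitting, as described in the text.
    """
    counts = Counter(mac for mac, _old, _new in switch.moves)
    return sorted(mac for mac, n in counts.items() if n >= threshold)


def run_spoofing_scenario() -> dict:
    """Replay the Figure 7-11 scenario and return the observable results."""
    sw = LearningSwitch(num_ports=4)

    # Step 1: each host sends a frame, so the switch learns A..D on ports 1..4.
    for port, name in enumerate("ABCD", start=1):
        sw.receive(Frame(src=HOST[name], dst=BROADCAST, ingress_port=port))
    learned = dict(sw.cam)

    # Step 2: the attacker on port 1 forges Host C's MAC as the source.
    sw.receive(Frame(src=HOST["C"], dst=BROADCAST, ingress_port=1))
    poisoned_port = sw.cam[HOST["C"]]

    # Step 3: Host D sends to Host C; the switch delivers it to the attacker.
    d_to_c_egress = sw.receive(Frame(src=HOST["D"], dst=HOST["C"], ingress_port=4))

    # Step 4: the real Host C transmits; the entry flips back to port 3.
    sw.receive(Frame(src=HOST["C"], dst=HOST["D"], ingress_port=3))
    restored_port = sw.cam[HOST["C"]]
    d_to_c_after_egress = sw.receive(Frame(src=HOST["D"], dst=HOST["C"], ingress_port=4))

    return {
        "learned": learned,
        "poisoned_port": poisoned_port,
        "d_to_c_egress": d_to_c_egress,
        "restored_port": restored_port,
        "d_to_c_after_egress": d_to_c_after_egress,
        "moves": list(sw.moves),
        "flapping": flapping_macs(sw),
    }


if __name__ == "__main__":
    for key, value in run_spoofing_scenario().items():
        print(f"{key}: {value}")
```

The `moves` list is the raw material for detection: in the scenario it records Host C's MAC moving from port 3 to port 1 and back to port 3, so `flapping_macs` flags it after only one spoofed frame and one genuine frame. On a production switch the equivalent signal is the MAC move notification or port-security violation log, and the same two-port oscillation pattern is what to look for.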