
CHAPTER 7
Campus Network Security
MAC Address-Based Attacks
Common MAC address-based attacks rely on flooding the CAM table and can be mitigated by using port security and
port-based authentication.
MAC Address Flooding
In a MAC address flooding attack, the attacker fills the switch’s Content Addressable Memory (CAM) table with invalid
MAC addresses. After the table is full, all traffic with a destination address not in the table is flooded out all interfaces. This has two
bad effects: more traffic on the LAN and more work for the switch. It can also cause the CAM tables of adjacent
switches to overflow. Additionally, the intruder’s traffic is flooded too, so the intruder has access to more ports than they would
normally have. After the attack stops, CAM entries age out and life returns to normal; in the meantime, however, the attacker
might have captured a significant amount of data.
Port security and port-based authentication can help mitigate MAC address attacks.
Port Security
Port security limits the number of MAC addresses allowed per port and can also limit which MAC addresses are allowed.
Allowed MAC addresses can be manually configured, or the switch can sticky-learn them. Table 7-1 lists port security
commands; these are given at the interface level.
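The CAM flooding behaviour described above, and the effect of a per-port MAC limit on it, as an added toy model (not code from the book or from Cisco IOS): a switch with a small CAM table, a hypothetical attacker port, and constructed MAC addresses; port security here uses a "shutdown"-style violation action that err-disables the offending port.

```python
"""Toy model of a switch CAM table under MAC flooding, with and without port security.
Constructed example: capacity, port names and MAC addresses are made up for illustration."""
from collections import OrderedDict


class Switch:
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.max_macs = max_macs_per_port      # None = port security not configured
        self.cam = OrderedDict()               # mac -> port, insertion order = age
        self.errdisabled = set()               # ports shut down by a security violation

    def learn(self, src_mac, port):
        """Learn a source MAC on a port; returns False if port security blocks it."""
        if port in self.errdisabled:
            return False
        if self.max_macs is not None:
            on_port = sum(1 for p in self.cam.values() if p == port)
            if src_mac not in self.cam and on_port >= self.max_macs:
                self.errdisabled.add(port)     # violation action: shut the port down
                return False
        if src_mac not in self.cam and len(self.cam) >= self.cam_capacity:
            # Stand-in for legitimate entries aging out while the attacker keeps
            # the table full: the oldest entry is dropped to make room.
            self.cam.popitem(last=False)
        self.cam[src_mac] = port
        return True

    def forward(self, dst_mac, in_port):
        """Egress ports for a frame: one port on a CAM hit, all others on a miss (flood)."""
        if dst_mac in self.cam:
            return {self.cam[dst_mac]}
        return {p for p in self.ports if p != in_port and p not in self.errdisabled}


def flood_cam(switch, attacker_port, count):
    """Attacker sends frames with `count` distinct bogus source MACs on one port."""
    for i in range(count):
        switch.learn(f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}", attacker_port)


def demo(port_security):
    """Returns (egress ports for host A -> host B, attacker port err-disabled?)."""
    sw = Switch(["Gi1/0/1", "Gi1/0/2", "Gi1/0/3"], cam_capacity=64,
                max_macs_per_port=2 if port_security else None)
    sw.learn("00:11:22:33:44:01", "Gi1/0/1")   # legitimate host A
    sw.learn("00:11:22:33:44:02", "Gi1/0/2")   # legitimate host B
    flood_cam(sw, "Gi1/0/3", 200)              # attacker on Gi1/0/3
    # Without port security host B's entry is gone, so A's frame to B is flooded
    # to every other port, including the attacker's; with it, the CAM hit stands.
    return sorted(sw.forward("00:11:22:33:44:02", "Gi1/0/1")), "Gi1/0/3" in sw.errdisabled
```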
© 2010 Pearson Education, Inc. All rights reserved. This publication is protected by copyright. Please see page 112 for more details.
CCNP SWITCH 642-813 Quick Reference by Denise Donohue