Network attacks take many forms, and it's important to know how the potential security issues with ARP, DHCP, and MAC addresses. They're innocent looking enough, but each of these common network protocols and addresses can be turned against us. Today, we'll talk about what MAC Address Flooding is, how it can be used against our network, and the best defense against this attack.
A MAC Address Flooding attack is an attempt by a network intruder to overwhelm the switch memory reserved for maintenance of the MAC address table. The intruder generates a large number of frames with different source MAC addresses - all of them invalid. As the switch's MAC address table capabilities are exhausted, valid entries cannot be made - and this results in those valid frames being broadcast instead of unicast.
This has two side effects, both unpleasant:
As mentioned, the MAC address table fills to capacity, preventing legitimate entries from being made.
The large number of unnecessary frame flooding quickly consumes bandwidth as well as overall switch resources.
The best defense against MAC Address Flooding is a good offense, and in this case, that offense consists of port-based authentication and port security. By making sure our host devices are indeed who we think they are and authenticating them before they join our network, we reduce the potential for an intruder to unleash a MAC Address Flooding attack on our network. The key isn't to fight the intruder once they're in our network - the key is to keep them out in the first place!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP exam and CCNA Certification tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
You can also visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.
For a FREE copy of his latest e-books, “How To Pass The CCNA" and “How To Pass The CCNP", just visit the website! You can also get FREE CCNA and CCNP exam questions every day!
Log in to become a member of Chris Bryant CCIE 12933's Fan Club!
No comments yet.
Was this article helpful to you? Leave a Public Comment or Question:
This Article has been viewed 480 times.
Article added to SearchWarp.com on 5/12/2007 11:27:46 AM. View other articles written byChris Bryant CCIE 12933(14,065)
If you found this article interesting, you may want to check out:
Disclaimer: All information on this site is provided for informational purposes only! By no means is any
information presented herein intended to substitute for the advice provided to you by any health care or other professional
or organization.
