Friday, August 9, 2013

CCNA Security - CAM table overflow attack

Switches deliver all frames based on MAC addresses. The CAM table maps which MAC addresses are connected to which ports, which lets the switch send a frame only to the port where a given MAC address is attached. Without the CAM table the switch does not know where to forward a particular frame. The problem with the CAM table is that once the number of addresses exceeds its limit, the switch floods all the traffic in that VLAN as a broadcast (in other words, the switch starts behaving like a hub). An attacker can flood the switch with random MAC addresses until the CAM table limit is reached. This kind of attack is possible because switch clients are not authenticated. A CAM overflow attack turns a switch into a hub, which enables the attacker to eavesdrop on conversations and perform man-in-the-middle attacks.
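
A small model of the behaviour described above, added here as an illustration and not part of the original post: a learning switch with a bounded CAM table, plus the check a defender would run for a port that has learned far too many MAC addresses. The capacity of 8, the per-port threshold of 2 and all MAC addresses are constructed values, and the model assumes a single VLAN with no entry aging.

```python
from collections import Counter

FLOOD = "flood"  # frame is sent out every port in the VLAN


class ModelSwitch:
    """Toy learning switch with a bounded CAM table (no aging, one VLAN)."""

    def __init__(self, capacity):
        self.capacity = capacity  # assumed table limit, not a real device value
        self.cam = {}             # source MAC -> port it was learned on

    def receive(self, src, dst, port):
        """Learn src if there is room, then return the egress port or FLOOD."""
        if src in self.cam or len(self.cam) < self.capacity:
            self.cam[src] = port
        return self.cam.get(dst, FLOOD)


def suspicious_ports(switch, max_macs_per_port):
    """Ports holding more learned MACs than an access port should ever have."""
    counts = Counter(switch.cam.values())
    return sorted(p for p, n in counts.items() if n > max_macs_per_port)


def run_demo():
    sw = ModelSwitch(capacity=8)
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    sw.receive(a, b, port=1)                 # A is learned on port 1
    before = sw.receive(b, a, port=2)        # B's reply is unicast to port 1
    # Constructed sample input: 20 frames with distinct sources, all on port 3.
    for i in range(20):
        sw.receive(f"02:00:00:00:00:{i:02x}", a, port=3)
    sw.receive(c, a, port=4)                 # table is full, C is never learned
    after = sw.receive(a, c, port=1)         # so traffic to C is flooded
    return {"before": before, "after": after,
            "entries": len(sw.cam), "flagged": suspicious_ports(sw, 2)}


if __name__ == "__main__":
    print(run_demo())
```

The same per-port count is what makes the condition visible on a real switch: one access port holding most of the table's entries stands out against ports that each hold one or two.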
