MAC Address Flooding
In a MAC address flooding attack, the attacker fills the switch’s Content
Addressable Memory (CAM) table with invalid MAC addresses. After the table
is full, all traffic with an address not in the table is flooded out all interfaces.
This has two bad effects—more traffic on the LAN and more work for the
switch. Additionally, the intruder’s traffic is also flooded, so they have access
to more ports than they would normally have. After the attack stops, CAM
entries age out and life returns to normal. However, meanwhile the attacker
might have captured a significant amount of data.
Port security and port-based authentication can help mitigate MAC address
attacks.