Entry | MAC flooding |
Definition |
In computer networking, a media access control attack or MAC flooding is a technique employed to compromise the security of network switches. The attack works by forcing legitimate MAC table contents out of the switch and forcing a unicast flooding behavior, potentially sending sensitive information to portions of the network where it is not normally intended to go.

Attack method

Switches maintain a MAC table that maps individual MAC addresses on the network to the physical ports on the switch. This allows the switch to direct data out of the physical port where the recipient is located, as opposed to indiscriminately broadcasting the data out of all ports as an Ethernet hub does. The advantage of this method is that data is bridged exclusively to the network segment containing the computer that the data is specifically destined for.

In a typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source MAC addresses, by the attacker. The intention is to consume the limited memory set aside in the switch to store the MAC address table.[1]

The effect of this attack may vary across implementations; however, the effect desired by the attacker is to force legitimate MAC addresses out of the MAC address table, causing significant quantities of incoming frames to be flooded out on all ports. It is from this flooding behavior that the MAC flooding attack gets its name.

After launching a successful MAC flooding attack, a malicious user can use a packet analyzer to capture sensitive data being transmitted between other computers, which would not be accessible were the switch operating normally. The attacker may also follow up with an ARP spoofing attack, which will allow them to retain access to privileged data after switches recover from the initial MAC flooding attack.
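On the switch, the behavior described above appears as a single port learning a large number of previously unseen source addresses in a short time. The following detection check is an added example, not part of the original article; the event format, port names, threshold and window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample of switch MAC-learning events: (seconds, port, source MAC).
# The event format and port names are assumptions made for this example.
def sample_events():
    events = [(0.0, "Gi0/1", "00:1a:2b:00:00:01"),
              (0.5, "Gi0/2", "00:1a:2b:00:00:02"),
              (30.0, "Gi0/1", "00:1a:2b:00:00:01")]  # re-seen, not a new address
    # Port Gi0/3 presents 200 distinct source addresses within two seconds.
    events += [(40.0 + i * 0.01, "Gi0/3", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
               for i in range(200)]
    return sorted(events)

def find_flooding_ports(events, max_new=50, window=10.0):
    """Return {port: time of first alert} for ports that learn more than
    max_new previously unseen source MACs within `window` seconds."""
    seen = defaultdict(set)       # port -> every MAC learned on it so far
    recent = defaultdict(deque)   # port -> timestamps of recent new MACs
    alerts = {}
    for ts, port, mac in events:
        mac = mac.lower()
        if mac in seen[port]:
            continue              # known address: normal traffic
        seen[port].add(mac)
        q = recent[port]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop learn events older than the window
        if len(q) > max_new and port not in alerts:
            alerts[port] = ts
    return alerts

if __name__ == "__main__":
    for port, ts in find_flooding_ports(sample_events()).items():
        print(f"port {port}: more than 50 new source MACs in 10 s (t={ts:.2f}s)")
```
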
MAC flooding can also be used as a rudimentary VLAN hopping attack.[2]

Counter measures

To prevent MAC flooding attacks, network operators usually rely on the presence of one or more features in their network equipment:
References

1. "VLAN Security White Paper: Cisco Catalyst 6500 Series Switches". Cisco Systems. 2002. Archived from the original (http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39054) on 8 June 2011: https://web.archive.org/web/20110608051916/http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39054. Retrieved 31 January 2015.
2. Steve A. Rouiller. "Virtual LAN Security: weaknesses and countermeasures". SANS Institute. https://www.sans.org/reading-room/whitepapers/networkdevs/virtual-lan-security-weaknesses-countermeasures-1090. Retrieved 2017-11-17.
3. Business Series Smart Gigabit Ethernet Switch User Guide. Linksys. 2007. p. 22.
4. "guide/Mac Auth". Freeradius.org. 2015. http://wiki.freeradius.org/guide/Mac%20Auth. Retrieved 31 January 2015.
5. "Blocking Unknown Unicast Flooding". PacketLife.net. 4 June 2010. http://packetlife.net/blog/2010/jun/4/blocking-unknown-unicast-flooding/. Retrieved 31 January 2015.