Security Basics mailing list archives
RE: about CAM table overflow attack?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 24 Apr 2006 10:19:36 -0700
The switch has a separate CAM table for every VLAN. Whether the filling of the CAM table for one VLAN affects just that VLAN, or the entire switch, will depend on how those tables are allocated, and will vary from manufacturer to manufacturer, and perhaps from model to model and code release to code release. However: The attacker's port is usually a member of a specific VLAN, and a working switch will only deliver traffic to that port if it's within that VLAN. Also, there will be traffic on that VLAN that the attacker does not see *unless* he overflows the CAM tables for that VLAN on every switch in the network. David Gillett
-----Original Message----- From: Monty Ree [mailto:chulmin2 () hotmail com] Sent: Tuesday, April 18, 2006 4:23 AM To: security-basics () securityfocus com Subject: about CAM table overflow attack? Hello, all. I have read some documents about CAM table overflow(or mac flooding, switch jam) attack. I have some questions about this. If some attacker executes macof for sometime, so CAM tables would be overflowed. 1. then attacker can see other traffic only which in a same VLAN? 2. or attacker can see all traffic(over vlan) which switch services, like dummy hub? Thanks in advance. _________________________________________________________________ 확인하자. 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드 http://www.msn.co.kr/fortune/default.asp -------------------------------------------------------------- ----------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php -------------------------------------------------------------- ------------
------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- about CAM table overflow attack? Monty Ree (Apr 18)
- RE: about CAM table overflow attack? Network Security (Apr 18)
- RE: about CAM table overflow attack? David Gillett (Apr 24)
- <Possible follow-ups>
- Re: about CAM table overflow attack? inoutsec (Apr 18)
- Re: about CAM table overflow attack? Rick Zhong (Apr 19)
- RE: about CAM table overflow attack? Network Security (Apr 19)
- Re: about CAM table overflow attack? Rick Zhong (Apr 19)