MAC flooding is a method that can be used to impact the security protocols of different types of network switches. Essentially, MAC flooding inundates the network switch with data packets that disrupt the usual sender to recipient flow of data that is common with MAC addresses. The end result is that rather than data passing from a specific port or sender to a specific recipient, the data is blasted out across all ports.
The basics of MAC flooding begin with a corruption of the translation table that is part of the function of the network switch. When functioning properly, the table will map each individual MAC address that is found on the network. Each MAC address is associated with a physical port on the network switch. This approach makes it possible to designate a specific and single point of termination for data sent across the network.
By flooding the switch with data packets, the translation table is thrown out of kilter and the connection between the ports and specific MAC addresses is destroyed. Instead, any data that is intended for a single MAC address is now sent out on all ports associated with the network. This means that any type of data that was intended for a single address is received by multiple addresses.
Part of the disruption process of MAC flooding is creating a state where the memory capacity of the switch that is set aside for these point to point transmissions of data is quickly consumed. When the memory set aside for this type of transmission is no longer available, messages spill over and memory capacity that is used for group messages is utilized. At the same time, the protocols for sending group messages comes into play, allowing the message to be sent out to many points of destination.
MAC flooding can be a great way to gain access to all sorts of data, including system passwords, protected files, and even email and instant messaging conversations. Because of the security risk that MAC flooding represents, many switches today can be configured to either provide extra security to specific MAC addresses, or to even shut down the switch in the event too much data floods into a given port.