What is MAC Flooding?
MAC flooding is a method that can be used to undermine the security of different types of network switches. Essentially, MAC flooding inundates the network switch with data packets that disrupt the usual sender-to-recipient flow of data that switches maintain using MAC addresses. The end result is that rather than data passing from a specific port or sender to a specific recipient, the data is blasted out across all ports.
The basics of MAC flooding begin with a corruption of the translation table that is part of the function of the network switch. When functioning properly, the table will map each individual MAC address that is found on the network. Each MAC address is associated with a physical port on the network switch. This approach makes it possible to designate a specific and single point of termination for data sent across the network.
By flooding the switch with data packets, the translation table is thrown out of kilter and the connection between the ports and specific MAC addresses is destroyed. Instead, any data that is intended for a single MAC address is now sent out on all ports associated with the network. This means that any type of data that was intended for a single address is received by multiple addresses.
Part of the disruption process of MAC flooding is creating a state where the memory capacity of the switch that is set aside for these point-to-point transmissions of data is quickly consumed. When the memory set aside for this type of transmission is no longer available, messages spill over and the memory capacity that is used for group messages is utilized. At the same time, the protocols for sending group messages come into play, allowing the message to be sent out to many points of destination.
MAC flooding can give an attacker access to all sorts of data, including system passwords, protected files, and even email and instant messaging conversations. Because of the security risk that MAC flooding represents, many switches today can be configured to either provide extra security to specific MAC addresses, or to even shut down the switch in the event too much data floods into a given port.
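The table behaviour and the per-port protection described above can be seen in a small model. This is an added example, not code from the original article or from any switch vendor: the Switch class, the table capacity of 8, the limit of 2 addresses per port and all MAC addresses are constructed for illustration, and the model assumes learned entries never age out.

```python
from dataclasses import dataclass, field
from typing import Optional

FLOOD = "all ports"  # marker for a frame sent out of every port

@dataclass
class Switch:
    capacity: int                             # table size (constructed value)
    max_macs_per_port: Optional[int] = None   # None = no per-port limit
    table: dict = field(default_factory=dict)   # learned MAC -> port
    disabled: set = field(default_factory=set)  # ports shut down by the limit

    def receive(self, port, src, dst):
        """Handle one frame: return the egress port, FLOOD, or None if dropped."""
        if port in self.disabled:
            return None
        if src not in self.table:
            on_port = sum(1 for p in self.table.values() if p == port)
            if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
                self.disabled.add(port)       # too many addresses: shut the port
                return None
            if len(self.table) < self.capacity:
                self.table[src] = port        # room left: learn the mapping
        return self.table.get(dst, FLOOD)     # unknown destination goes everywhere

def simulate(max_macs_per_port=None):
    """Replay constructed traffic; return the switch and where A's frame to B went."""
    sw = Switch(capacity=8, max_macs_per_port=max_macs_per_port)
    bcast = "ff:ff:ff:ff:ff:ff"
    sw.receive(1, "aa:aa:aa:aa:aa:01", bcast)           # host A appears on port 1
    for i in range(20):                                 # port 3: 20 unseen sources
        sw.receive(3, f"02:00:00:00:00:{i:02x}", bcast)
    sw.receive(2, "bb:bb:bb:bb:bb:02", bcast)           # host B appears on port 2
    return sw, sw.receive(1, "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02")

if __name__ == "__main__":
    for limit in (None, 2):
        sw, egress = simulate(limit)
        print(f"limit={limit}: A->B leaves on {egress}; "
              f"table {len(sw.table)}/{sw.capacity}; disabled ports {sorted(sw.disabled)}")
```

Without a limit the table fills before host B can be learned, so the frame from A to B goes out of every port; with the limit, port 3 is shut down after its third new address and the same frame leaves only on port 2.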
@Grinderry I’m sure that in this current age of computers and technology there are ways to prevent this from happening. There are multiple checks and balances that can avert this situation, to the point where it’s not as big a threat as it used to be. From managed switches to the protocols being handled differently by the resident OS on the device.
I would imagine this is something that a lot of network administrators would keep an eye out for and that there are measures and various means to avoid this from happening to a network that cannot afford to have their connection slow or their data not getting where it needs to be.
I have witnessed this firsthand at my place of work and it is truly a scary thing to see. When all of a sudden you’re not able to send or receive an email from the person in the cubicle next to you, or the entire network becomes so slow that it comes to a complete crawl and the only solution I’ve seen was to shut down the server and to reboot it, then log in quickly and see what ports or how you can stop the flood of data.