The technique of a MAC flooding attack

The idea behind an attack is to send a huge amount of ARP responses to a switch, overloading it.

Once the switch is overloaded, it switches to hub mode, which means it will forward traffic to every computer on the network. All the intruder has to do now is run a sniffer to capture all the traffic.

This attack does not work on every switch. Many newer switches have built-in protection against this attack.

Macoff

The Macof fills the cam table in less than a minute, as it sends a huge number of MAC entries of about 155.000 per minute, to be more specific.

Its use is extremely simple. All we have to do is execute the command. " macof From our terminal. This tool is already installed on all versions of Kali Linux.

Once the cam table is flooded, we can open it Wireshark and start recording the movement. By default, Wireshark is configured to record continuous traffic.

However, you do not need to sniff when a switch enters hub mode, as the motion is already discrete.

But in ARP Poisoning, the ARP would always trust that the answer comes from the correct one . Because of this flaw in its design, it cannot in any way verify that the ARP reply was sent by the correct device.

The way it works is that an attacker would send a fake ARP response to any computer on a network to make it believe that a particular IP is associated with a particular MAC address, thus poisoning the ARP cache that tracks IP addresses in MAC .

So, these two , namely ARP Poisoning and Mac Flooding, are related to the ARP Protocol.

To see more about macof, just type " macof -h ”Which shows you all the best possible options.

Usage: macof [-s src] [-d dst] [-e tha] [-x sport] [-y dport] [-i interface] [-n times]

  • -i interface Define it for shipment.
  • -s src Specify the source IP address.
  • -d dst Specify the destination IP address.
  • -e tha Specify the hardware address.
  • -x sports Specify the TCP source port.
  • -y dport Specify the destination TCP port.
  • -n times Specify the number of packages to send.

For Simple Flooding, the command is " macof -i eth0 -n 10 "

For targeted Flooding, the command is " macof -i eth0 -n 10 -d 192.168.220.140 "

Some of the most important countermeasures against MAC Flooding are:

  1. Port security - Limits the number of MAC addresses connected to a port on the switch.
  2. Application of 802.1X - Enables packet filtering rules issued by an AAA host server based on clients' dynamic learning.
  3. MAC Filtering -  Limits the number of MAC addresses to some extent.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.082 registrants.

hackershackingMAC flooding

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

One Comment

Leave a Reply

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).