MAC flooding

4.2 Summarize various types of attacks and their impact

Network Attacks

📘 CompTIA Network+ (N10-009)


1. What is MAC Flooding?

  • MAC stands for Media Access Control. Every network device (like a computer, switch, or printer) has a unique MAC address that identifies it on the local network.
  • MAC Flooding is a type of attack targeting network switches.
  • In this attack, an attacker sends the switch a huge number of frames with fake source MAC addresses, which the switch records in its MAC address table (also called a CAM table).

2. How it works

  1. A switch keeps a MAC address table to know which device is connected to which port.
    • Example: MAC AA:BB:CC:DD:EE:01 → Port 1, MAC AA:BB:CC:DD:EE:02 → Port 2.
  2. During a MAC flooding attack:
    • The attacker floods the switch with thousands of fake MAC addresses.
    • The switch’s MAC table gets full.
  3. Once the table is full, the switch cannot learn new addresses.
  4. The switch enters “fail-open” mode, where it forwards all incoming traffic to all ports (like a hub).
  5. This allows the attacker to intercept or sniff network traffic that was supposed to be private.

3. Impact of MAC Flooding

  • Network traffic exposure: Sensitive data may be captured, such as passwords or confidential files.
  • Network performance issues: The switch acts like a hub, sending traffic to all ports, which increases congestion.
  • Security breach: Attackers can perform man-in-the-middle attacks once traffic is being broadcast to all ports.

4. How MAC Flooding is used in IT environments

  • Attackers might target office networks or data center switches.
  • They often combine MAC flooding with packet sniffers to capture passwords, emails, or other confidential data from other devices on the same network.
  • Network security teams monitor switch logs and unusual MAC table growth to detect these attacks.

5. How to prevent MAC Flooding

  1. Port Security on Switches
    • Configure switches to limit the number of MAC addresses per port.
    • Example: If a port is only for one computer, allow only 1 MAC address.
  2. Enable MAC Address Filtering
    • Only allow known MAC addresses on each port.
  3. Use VLANs
    • Segment the network to limit the impact of a MAC flooding attack.
  4. Monitor Network Traffic
    • Look for suspicious spikes in MAC address changes or ARP table updates.
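
The toy model below is an added example, not part of the original page. It simulates a learning switch to show why a full MAC table leads to hub-like flooding and how a per-port MAC limit (port security) prevents it. The `Switch` class, the 8-entry table size, the drop-and-count violation action, and all MAC addresses are assumptions constructed for illustration.

```python
class Switch:
    """Toy learning switch: fixed-size MAC table, optional per-port MAC limit."""

    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # None = port security off
        self.cam = {}          # MAC address -> port
        self.violations = {}   # port -> frames dropped by port security

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        if src not in self.cam:  # (MAC moves between ports are not modelled)
            on_port = sum(1 for p in self.cam.values() if p == in_port)
            limit = self.max_macs_per_port
            if limit is not None and on_port >= limit:
                # Assumed violation action: drop the frame and count it.
                self.violations[in_port] = self.violations.get(in_port, 0) + 1
                return []
            if len(self.cam) < self.cam_capacity:
                self.cam[src] = in_port
            # else: table is full, so this address cannot be learned
        if dst in self.cam:
            return [self.cam[dst]]                      # known unicast: one port
        return [p for p in self.ports if p != in_port]  # unknown: flood like a hub


def run_scenario(max_macs_per_port):
    """Return (ports that see A->B traffic, MAC table size, violations on port 3)."""
    sw = Switch(ports=[1, 2, 3], cam_capacity=8,
                max_macs_per_port=max_macs_per_port)
    host_a, host_b = "AA:BB:CC:DD:EE:01", "AA:BB:CC:DD:EE:02"
    broadcast = "FF:FF:FF:FF:FF:FF"
    sw.receive(1, host_a, broadcast)  # host A on port 1 is learned first
    # Constructed stand-in for the flood: 100 frames on port 3, each new source MAC.
    for i in range(100):
        sw.receive(3, f"02:00:00:00:00:{i:02X}", broadcast)
    sw.receive(2, host_b, host_a)             # host B on port 2 speaks for the first time
    out_ports = sw.receive(1, host_a, host_b)  # host A replies to host B
    return out_ports, len(sw.cam), sw.violations.get(3, 0)


if __name__ == "__main__":
    print("no port security :", run_scenario(None))
    print("limit 1 MAC/port :", run_scenario(1))
```

Without the limit, host B is never learned, so the reply to it is also sent out port 3; with a limit of one MAC per port, the table stays small and the reply goes only to port 2.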

6. Key Exam Points

For CompTIA Network+ (N10-009), you should remember:

Topic | Exam Notes
Definition | MAC Flooding is an attack where a switch’s MAC address table is overloaded with fake MAC addresses.
Target | Network switches, specifically the MAC/CAM table.
Impact | Traffic is sent to all ports (like a hub), exposing sensitive data.
Detection | Unusual MAC table growth, sudden traffic increase, network slowdown.
Prevention | Port security, MAC filtering, VLAN segmentation, network monitoring.

Summary in simple words:
MAC flooding attacks trick a switch into sending all traffic everywhere by overloading its MAC table. This exposes sensitive data to attackers. It can be prevented by configuring port security, MAC filtering, VLANs, and monitoring traffic.

