MACFlooding

MAC flooding is a security vulnerability and attack against network switches, typically in Ethernet LANs. In a switched network, switches learn the association between MAC addresses and switch ports by observing frames. This learning is stored in a limited-capacity table sometimes called the CAM (Content Addressable Memory) table. A MAC flooding attack attempts to exhaust that table by rapidly sending frames with a large number of spoofed source MAC addresses. Once the table is full, the switch can no longer learn new addresses and may be forced to flood frames to all ports in the broadcast domain. As a result, devices that would normally communicate only with specific switch ports may receive traffic they are not intended to see, enabling potential eavesdropping or man-in-the-middle activity.

The attack relies on the presence of a finite CAM table and the switch’s behavior when it

Defenses focus on limiting or eliminating the conditions that enable flooding. Common countermeasures include enabling port