Suggested Answer: Explanation
MAC flooding is an attack technique in which frames with unique, but invalid, source MAC addresses flood the switch and exhaust the CAM table space. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This would allow the attacker to see the flooded traffic and capture information. The switch would be essentially functioning as a hub in this case. Two methods of mitigating these attacks are:
Implementing port security
Implementing VLAN access maps

VLAN hopping is an attack that allows an attacker to access network resources on a different VLAN without passing through a router. The attacker can create a packet with two 802.1Q VLAN headers on it (called double tagging) and send it to a switch. The switch port will strip off the first header and leave the second. The second header will be seen as the originating VLAN, allowing the attacker access to a VLAN they are not connected to. Executing the switchport mode access command on all non-trunk ports can help prevent this attack. Pruning the native VLAN from a trunk link can also help. VLAN hopping is a security concern because it can be accomplished without the packet passing through a router and its security access lists. For this reason, private VLANs and VACLs should be used to secure access between VLANs. Techniques to prevent these attacks are:
Prevent automatic trunk configurations by explicitly turning off Dynamic Trunking Protocol on all unused ports
Place unused ports in a common unrouted VLAN

MAC spoofing is an attack that allows an attacking device to receive frames intended for a different host by changing the assigned Media Access Control (MAC) address of a networked device to a different one. Changing the assigned MAC address may allow the device to bypass access control lists on servers or routers, either hiding a computer on a network or allowing it to impersonate another computer.

A rogue device is a device attached to the network that is not under the control of the organization. This term is normally used to mean a wireless device, perhaps an access point that is not operating as a part of the company's infrastructure. Employees may bring their own access points and connect them to the network so they can use their computers wirelessly. This creates a security gap since the device is probably not secured to protect the traffic. An attacker could connect a rogue access point to a company's network and capture traffic from outside the company's premises.

Objective: Layer 2 Technologies
Sub-Objective: Configure and verify switch administration
References: Cisco > Products and Services > Switches > Cisco Catalyst 6500 Series Switches > Product Literature > White Papers > Cisco Catalyst 6500 Series Switches > VLAN Security White Paper > MAC Flooding Attack
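As an added example that is not part of the exam page or of Cisco's material, the following Python model of a switch CAM table shows why an exhausted table makes the switch flood unknown-destination frames like a hub, and how a per-port port-security limit (here one address on the untrusted port, modelled with a shutdown violation action) stops the table from filling in the first place. Port numbers, MAC addresses and the table size are constructed for the demonstration.

```python
# Added example, not from the exam page: a minimal model of a switch CAM table.
# Port ids, MAC strings and the capacity of 8 entries are constructed values.
from dataclasses import dataclass, field


@dataclass
class Switch:
    ports: list                                        # constructed port ids
    cam_capacity: int                                  # max MAC->port entries
    port_security: dict = field(default_factory=dict)  # port -> max MACs allowed
    cam: dict = field(default_factory=dict)            # learned MAC -> port
    shutdown: set = field(default_factory=set)         # err-disabled ports

    def forward(self, in_port, src, dst):
        """Learn src on in_port, then return the set of ports the frame leaves on."""
        if in_port in self.shutdown:
            return set()
        # Port security: a new MAC beyond the configured maximum on this port is
        # a violation; the port is modelled as going into shutdown.
        limit = self.port_security.get(in_port)
        if limit is not None and src not in self.cam:
            learned_here = sum(1 for p in self.cam.values() if p == in_port)
            if learned_here >= limit:
                self.shutdown.add(in_port)
                return set()
        # Normal learning; a full CAM table simply cannot learn new addresses.
        if src not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[src] = in_port
        out = self.cam.get(dst)
        if out is None:
            # Unknown destination: flood to every other live port (hub behaviour).
            return {p for p in self.ports if p != in_port and p not in self.shutdown}
        return {out} if out != in_port else set()


def demo(secure_untrusted_port):
    """Return the ports on which a server-to-victim unicast frame is delivered."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=8,
                port_security={1: 1} if secure_untrusted_port else {})
    # Port 1 sends 8 frames, each with a different constructed source MAC.
    for i in range(8):
        sw.forward(1, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    # The legitimate host on port 3 announces itself; a full table cannot learn it.
    sw.forward(3, "aa:aa:aa:aa:aa:03", "ff:ff:ff:ff:ff:ff")
    # The server on port 4 sends a unicast frame to that host.
    return sw.forward(4, "aa:aa:aa:aa:aa:04", "aa:aa:aa:aa:aa:03")
```

Without port security the unicast frame is flooded to ports 1, 2 and 3 (including the untrusted port); with a limit of one address on port 1 the port is shut down after the second address and the frame is delivered only to port 3.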
Correct Answer: D
Explanation/Reference:
Explanation:
MAC flooding is an attack technique in which frames with unique, but invalid, source MAC addresses flood the switch and exhaust the CAM table space. Eventually no more MAC addresses can be added because the table is full. When this occurs, any packets destined for a MAC address not in the table will be flooded to all other ports. This would allow the attacker to see the flooded traffic and capture information. The switch would be essentially functioning as a hub in this case.
Two methods of mitigating these attacks are:
Implementing port security
Implementing VLAN access maps
upvoted 1 times
Faisallt
5 years, 2 months ago