Friday, December 12, 2014

MAC Flooding

MAC flooding is a technique used to compromise the security of network switches that connect network segments or network devices. These switches map individual MAC addresses on the network to the physical ports on the switch by means of a CAM table. Unlike a hub, which broadcasts data across the network, a switch sends data only to the intended recipient. Thus, a switched network is more secure than a hub-based network. It can still be compromised, however, because switches have limited memory for storing MAC address tables and behave like hubs when flooded with more MAC addresses than they can store. The technique used to compromise a switched network based on this limited storage is called MAC flooding.

Typical MAC flooding involves flooding a switch with numerous requests, each carrying a different fake source MAC address. No problem occurs until the MAC address table is full. Once the table is full, any further requests may force the switch to enter "failopen mode". A switch in failopen mode acts like a hub and broadcasts data to all machines on the network.
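The table-full behaviour described above can be seen in a small model. This is an added example, not part of the original post: a toy learning switch with a bounded CAM table, run once without and once with a per-port learning limit. The `Switch` class, the `max_macs_per_port` cap, the table size of 8 and every MAC address are constructed for illustration, and entry aging is not modelled.

```python
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy learning switch with a bounded CAM table (a model, not vendor behaviour)."""
    def __init__(self, ports, cam_capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.max_macs_per_port = max_macs_per_port  # hypothetical per-port cap
        self.cam = {}                          # MAC address -> port
        self.per_port = defaultdict(int)       # port -> MACs learned on it
        self.violations = defaultdict(int)     # port -> frames over the cap

    def receive(self, in_port, src, dst):
        """Learn src if there is room; return the ports the frame leaves on."""
        if src not in self.cam:
            cap = self.max_macs_per_port
            if cap is not None and self.per_port[in_port] >= cap:
                self.violations[in_port] += 1  # countable signal for alerting
                return []                      # over-limit source: frame dropped
            if len(self.cam) < self.cam_capacity:
                self.cam[src] = in_port
                self.per_port[in_port] += 1
            # else: table full, src is silently not learned
        if dst in self.cam:
            return [self.cam[dst]]             # known unicast: one port only
        return [p for p in self.ports if p != in_port]  # unknown: flood

def scenario(max_macs_per_port):
    """Host A (port 1) sends to host B (port 2) after port 3 fills the table."""
    sw = Switch(ports=[1, 2, 3, 4], cam_capacity=8,
                max_macs_per_port=max_macs_per_port)
    a, b = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"   # constructed hosts
    sw.receive(1, a, BCAST)                    # A is learned on port 1
    for i in range(20):                        # constructed: 20 source MACs on port 3
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BCAST)
    sw.receive(2, b, BCAST)                    # B speaks after the table pressure
    out_ports = sw.receive(1, a, b)            # where does A -> B traffic go?
    return out_ports, len(sw.cam), dict(sw.violations)

if __name__ == "__main__":
    print("no per-port cap:", scenario(None))
    print("cap of 2 per port:", scenario(2))
```

Without the cap, B can never be learned, so A's unicast frame to B leaves on every other port, including port 3. With the cap, the table keeps room for B, the frame goes to port 2 only, and the violation counter on port 3 is the value to alert on.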
