The configuration is responsible for the limitation of the number of MAC addresses linked to ports connected to the end station. This is a safety mechanism which is normally installed by major switch manufacturers around the world. It is also known as "Port security" ou "Port security".
If you want to protect your computer, learn how to mitigate a MAC Flooding attack like a pro with these handy countermeasures: Port security Learn How to Mitigate a MAC Flooding Attack Like a Pro For this reason, given these symptoms, it is important to check whether it is a MAC Flooding attack. When this happens, it is normal for the computer to start showing slowness or difficulty accessing network resources. Therefore, in many cases, the cause of reduced performance is not fully investigated. However, on some occasions these alarming symptoms do not are not perceptible because the network gets used to their presence. In addition, it is necessary to check latency web services or if you are suffering from complete network drops. Likewise, it is important to check if sent data packets frequently end up being lost. If you notice a significant increase, your computer is probably suffering from MAC flood. First of all, you need to take into account the amount of normal traffic that circulates on the network. Here are symptoms the more obvious of MAC flooding. How to tell if you are under a MAC Flooding attack is not a complicated process. It is extremely important to recognize immediately if you are the victim of a cybercriminal. How do I know if I am under a MAC Flooding attack? More obvious symptoms Therefore, all private information is compromised. This includes passwords stored in the system, encrypted files, emails, or conversations made through instant messaging services.
Thanks to MAC Flooding, the attacker can have access to all kinds of data. When multiplying, the rest of the linked ports are flooded. If any access switch ports do not have UUFB enabled, this is a finding.Flooding occurs when the attacker causes an increase in traffic that consumes memory, which is reserved for transmissions of data. Review the switch configuration to verify that UUFB is enabled on all access switch ports as shown in the configuration example below: The UUFB feature will block unknown unicast traffic flooding and only permit egress traffic with MAC addresses that are known to exit on the port.Ĭisco IOS Switch L2S Security Technical Implementation Guide To mitigate the risk of a connectivity outage, the UUFB feature must be implemented on all access layer switches. Unknown unicast flooding has been a nagging problem in networks that have asymmetric routing and default timers. Large amounts of flooded traffic can saturate low-bandwidth links, causing network performance issues or complete connectivity outage to the connected devices.
When a router has an Address Resolution Protocol (ARP) entry for a destination host and forwards it to the access layer switch and there is no entry corresponding to the frame's destination MAC address in the incoming VLAN, the frame will be sent to all forwarding ports within the respective VLAN, which causes flooding. Access layer switches use the Content Addressable Memory (CAM) table to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame.