1_4_8 Section 1 – Attacks, Threats, and Vulnerabilities - 1.4 – Network Attacks - MAC Flooding and Cloning

Questions and Answers

What does the term MAC address refer to in networking?

• Memory Allocation Card address
• Media Acceleration Control address
• Memory Access Control address
• Media Access Control address (correct)

How long is an Ethernet MAC address in bits?

• 64 bits
• 32 bits
• 8 bits
• 48 bits (correct)

What do the first three bytes of a MAC address represent?

• Manufacturer portion
• Organizationally Unique Identifier (correct)
• Serial number
• Frame identifier

What function do switches perform at the MAC address level?

Interpret data frames and forward traffic between interfaces (C)

Why does a switch maintain a list of MAC addresses on the local network?

To know where to send incoming frames based on destination MAC addresses (C)

What is a significant operational requirement for switches in larger environments?

Maintaining a loop-free environment (B)

What is a common method attackers use to view network traffic?

Spoofing or cloning a MAC address (A)

What feature on most switches protects against MAC flooding?

Flood guard (C)

How can an attacker create a denial-of-service situation on a network?

By spoofing a MAC address (A)

What allows an attacker to match an existing allow list and gain unauthorized access to a network?

Spoofing a MAC address (D)

In what way does changing the MAC address help attackers gain unauthorized access?

By matching the MAC address of a legitimate device (C)

Why do most network drivers allow users to modify the MAC address of their devices?

To provide flexibility in addressing schemes (A)

What protocol is typically used to keep a network up and running?

STP (C)

What action does a switch take if it receives traffic with an unknown MAC address?

It adds the MAC address to its table (A)

In the example provided, where is Sam's MAC address located in the switch's MAC address table?

F0/1 (C)

What happens when a switch reaches maximum capacity in its MAC address table?

It turns into a hub and sends all frames to all interfaces (B)

What is one challenge associated with a switch's MAC address table?

Attackers can exploit its limited capacity by sending traffic with different MAC addresses (B)

When a frame reaches a switch, how does it determine where to send the information?

By evaluating the destination MAC address (C)

What happens if a switch receives a frame with a MAC address already in its table?

It updates the port associated with that MAC address (A)

What does a switch do if it encounters a limitation in its MAC address storage capacity?

It floods all frames to every interface (D)

What does it mean when a switch behaves like a hub?

It sends all frames to every interface without addressing specific devices (D)

How does a switch differentiate itself from a hub?

By maintaining a table of MAC addresses and forwarding based on them (D)

What does the Organizationally Unique Identifier (OUI) represent in a MAC address?

The manufacturer of the network card (B)

What is the purpose of the last three bytes in an Ethernet MAC address?

Represent the specific card's serial number (D)

How do switches maintain a loop-free environment in networking?

By assigning unique MAC addresses to each network interface card (B)

In networking, what is the significance of switches interpreting the frame at the MAC address level?

Determining whether to forward or drop incoming traffic (C)

Why do we refer to the MAC address as the 'physical address' of a network card?

Due to its unique value assigned by manufacturers (A)

What unique characteristic differentiates the first three bytes from the last three bytes in an Ethernet MAC address?

First three bytes identify manufacturers, last three represent serial numbers (A)

What method can an attacker use to circumvent existing security devices and match the MAC address of a legitimate device on the network?

Spoofing a MAC address (C)

How do most switches protect against MAC flooding and prevent overloading of the MAC address table?

Using a feature called flood guard (C)

What can an attacker achieve by modifying the MAC address of their device to match another device on the network?

Accessing the network without authentication (A)

Why is it relatively easy for attackers to clone or modify MAC addresses?

The flexibility of network interface card settings (A)

What is one common outcome when an attacker uses the same MAC address as another user on the network?

Creation of a denial-of-service situation (C)

How can an attacker use MAC address spoofing to disrupt network operations?

To create a denial-of-service situation (A)

What does a switch do if it receives traffic with a MAC address not listed in its MAC address table?

It floods the traffic to all interfaces. (C)

What is one consequence of a switch's MAC address table reaching maximum capacity?

The switch turns into a hub, sending all frames to all interfaces. (D)

How does a switch handle frames received with a MAC address already listed in its table?

It forwards the frame to the correct interface. (A)

If an attacker floods a switch with thousands of new MAC addresses, what is the likely outcome?

The switch's MAC address table will fill up and behave like a hub. (C)

What does it mean when a switch acts as a hub due to its MAC address table limitations?

The switch sends every frame to every interface. (D)

What action does a switch take if it encounters a limitation in its MAC address storage capacity?

It behaves like a hub and sends all frames to all interfaces. (C)

Why is flooding a switch with new MAC addresses considered an attack technique?

It overloads the switch's memory capacity. (C)