1_4_8 Section 1 – Attacks, Threats, and Vulnerabilities - 1.4 – Network Attacks - MAC Flooding and Cloning

Questions and Answers

What does the term MAC address refer to in networking?

Memory Allocation Card address

Media Acceleration Control address

Memory Access Control address

Media Access Control address (correct)

How long is an Ethernet MAC address in bits?

64 bits

32 bits

8 bits

48 bits (correct)

What do the first three bytes of a MAC address represent?

Manufacturer portion

Organizationally Unique Identifier (correct)

Serial number

Frame identifier

What function do switches perform at the MAC address level?

Interpret data frames and forward traffic between interfaces

Why does a switch maintain a list of MAC addresses on the local network?

To know where to send incoming frames based on destination MAC addresses

What is a significant operational requirement for switches in larger environments?

Maintaining a loop-free environment

What is a common method attackers use to view network traffic?

Spoofing or cloning a MAC address

What feature on most switches protects against MAC flooding?

Flood guard

How can an attacker create a denial-of-service situation on a network?

By spoofing a MAC address

What allows an attacker to match an existing allow list and gain unauthorized access to a network?

Spoofing a MAC address

In what way does changing the MAC address help attackers gain unauthorized access?

By matching the MAC address of a legitimate device

Why do most network drivers allow users to modify the MAC address of their devices?

To provide flexibility in addressing schemes

What protocol is typically used to keep a network up and running?

STP

What action does a switch take if it receives traffic with an unknown MAC address?

It adds the MAC address to its table

In the example provided, where is Sam's MAC address located in the switch's MAC address table?

F0/1

What happens when a switch reaches maximum capacity in its MAC address table?

It turns into a hub and sends all frames to all interfaces

What is one challenge associated with a switch's MAC address table?

Attackers can exploit its limited capacity by sending traffic with different MAC addresses

When a frame reaches a switch, how does it determine where to send the information?

By evaluating the destination MAC address

What happens if a switch receives a frame with a MAC address already in its table?

It updates the port associated with that MAC address

What does a switch do if it encounters a limitation in its MAC address storage capacity?

It floods all frames to every interface

What does it mean when a switch behaves like a hub?

It sends all frames to every interface without addressing specific devices

How does a switch differentiate itself from a hub?

By maintaining a table of MAC addresses and forwarding based on them

What does the Organizationally Unique Identifier (OUI) represent in a MAC address?

The manufacturer of the network card

What is the purpose of the last three bytes in an Ethernet MAC address?

Represent the specific card's serial number

How do switches maintain a loop-free environment in networking?

By assigning unique MAC addresses to each network interface card

In networking, what is the significance of switches interpreting the frame at the MAC address level?

Determining whether to forward or drop incoming traffic

Why do we refer to the MAC address as the 'physical address' of a network card?

Due to its unique value assigned by manufacturers

What unique characteristic differentiates the first three bytes from the last three bytes in an Ethernet MAC address?

First three bytes identify manufacturers, last three represent serial numbers

What method can an attacker use to circumvent existing security devices and match the MAC address of a legitimate device on the network?

Spoofing a MAC address

How do most switches protect against MAC flooding and prevent overloading of the MAC address table?

Using a feature called flood guard

What can an attacker achieve by modifying the MAC address of their device to match another device on the network?

Accessing the network without authentication

Why is it relatively easy for attackers to clone or modify MAC addresses?

The flexibility of network interface card settings

What is one common outcome when an attacker uses the same MAC address as another user on the network?

Creation of a denial-of-service situation

How can an attacker use MAC address spoofing to disrupt network operations?

To create a denial-of-service situation

What does a switch do if it receives traffic with a MAC address not listed in its MAC address table?

It floods the traffic to all interfaces.

What is one consequence of a switch's MAC address table reaching maximum capacity?

The switch turns into a hub, sending all frames to all interfaces.

How does a switch handle frames received with a MAC address already listed in its table?

It forwards the frame to the correct interface.

If an attacker floods a switch with thousands of new MAC addresses, what is the likely outcome?

The switch's MAC address table will fill up and behave like a hub.

What does it mean when a switch acts as a hub due to its MAC address table limitations?

The switch sends every frame to every interface.

What action does a switch take if it encounters a limitation in its MAC address storage capacity?

It behaves like a hub and sends all frames to all interfaces.

Why is flooding a switch with new MAC addresses considered an attack technique?

It overloads the switch's memory capacity.