Ethernet Switches
The Theory.
- Learns MAC addresses from incoming packets
- Stores N MAC address/port pairs in a table
- Only sends packets to the port associated with a given MAC address
The Reality.
- MAC table entries time out ("flood mode")
- May be able to overflow fixed-size MAC tables (macof script)
- Gratuitous ARP (ARP spoofing)
- Switch is a network accelerator, not a security device
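Added example (not part of the original slides): a toy Python model of the learning switch above, showing that frames for two hosts reach a third port whenever the N-entry table is full or an entry has timed out. The class, the `per_port_limit` cap (an assumed mitigation, in the style of a per-port MAC limit), the rule that a full table stops learning, and all addresses are constructed for illustration.

```python
class LearningSwitch:
    """Toy learning switch: N-entry MAC table with aging (constructed model)."""

    def __init__(self, ports, table_size, max_age, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size          # the slide's "N"
        self.max_age = max_age                # seconds until an idle entry times out
        self.per_port_limit = per_port_limit  # assumed mitigation: cap on MACs per port
        self.table = {}                       # mac -> (port, last_seen)

    def _learn(self, mac, port, now):
        """Record the source MAC; return False if the frame must be dropped."""
        if mac not in self.table:
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if self.per_port_limit is not None and on_port >= self.per_port_limit:
                return False                  # port over its cap: drop the frame
            if len(self.table) >= self.table_size:
                return True                   # table full: forward, but cannot learn
        self.table[mac] = (port, now)
        return True

    def forward(self, src, dst, in_port, now):
        """Return the ports a frame leaves on; more than one means flooding."""
        self.table = {m: e for m, e in self.table.items() if now - e[1] <= self.max_age}
        if not self._learn(src, in_port, now):
            return []
        entry = self.table.get(dst)
        if entry is None:                     # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        return [] if entry[0] == in_port else [entry[0]]


def run(per_port_limit=None):
    """Hosts A (port 1) and B (port 2) talk; port 3 sources four constructed MACs."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=4, max_age=300,
                        per_port_limit=per_port_limit)
    for i in range(4):                        # constructed addresses, not real traffic
        sw.forward(f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", 3, now=0)
    sw.forward("aa", "bb", 1, now=1)
    sw.forward("bb", "aa", 2, now=2)
    steady = sw.forward("aa", "bb", 1, now=3)      # after both hosts have spoken
    aged = sw.forward("aa", "bb", 1, now=400)      # after B's entry has timed out
    return steady, aged


if __name__ == "__main__":
    print("no per-port cap :", run())
    print("cap of 1 per port:", run(per_port_limit=1))
```

Each result is the pair of output-port lists for the A-to-B frame at t=3 and t=400. The cap keeps the first one on port 2 only, but the frame sent after the timeout is flooded either way.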
Dave Dittrich
<dittrich@cac.washington.edu>
Last modified: Thu Dec 9 21:03:56 PST 1999