
© 2002, Cisco Systems, Inc. All rights reserved.
l2-security-bh.ppt
CAM Table Full!
• Dsniff (macof) can generate 155,000 MAC entries on a switch per minute
• Assuming a perfect hash function, the CAM table will be completely filled after 131,052 (approx. 16,000 x 8) entries
  - Since hash isn't perfect it actually takes 70 seconds to fill the CAM table
• Once table is full, traffic without a CAM entry floods on the local VLAN, but NOT existing traffic with an existing CAM entry
• This attack will also fill CAM tables of adjacent switches
CAT6506 (enable) sho cam count dynamic
Total Matching CAM Entries = 131052
10.1.1.22 -> (broadcast) ARP C Who is 10.1.1.1, 10.1.1.1 ?
10.1.1.22 -> (broadcast) ARP C Who is 10.1.1.19, 10.1.1.19 ?
10.1.1.26 -> 10.1.1.25 ICMP Echo request (ID: 256 Sequence number: 7424)   <-- OOPS
10.1.1.25 -> 10.1.1.26 ICMP Echo reply (ID: 256 Sequence number: 7424)   <-- OOPS
Snoop output on non-SPAN port 10.1.1.50
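A detection check built on the two symptoms this slide shows (a CAM count at capacity, and unicast between two other hosts visible on a non-SPAN port). This is an added example, not part of the Cisco deck; the function names, the 0.95 fill threshold and the two-frame minimum are assumptions, and the sample input is copied from the slide.

```python
import re

CAM_CAPACITY = 131052  # table size quoted on the slide; set per platform
COUNT_RE = re.compile(r"Total Matching CAM Entries\s*=\s*(\d+)")
FRAME_RE = re.compile(r"^(\d+(?:\.\d+){3})\s+->\s+(\S+)\s+(.*)$")

def cam_utilization(cli_output, capacity=CAM_CAPACITY):
    """Fill ratio from 'show cam count dynamic' output, or None if absent."""
    m = COUNT_RE.search(cli_output)
    return int(m.group(1)) / capacity if m else None

def leaked_unicast(capture_lines, local_ip):
    """Unicast frames between two other hosts seen on a non-SPAN port."""
    hits = []
    for line in capture_lines:
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        src, dst, summary = m.groups()
        if dst.startswith("(") or local_ip in (src, dst):
            continue  # broadcast/multicast or our own traffic is expected
        hits.append((src, dst, summary))
    return hits

def cam_overflow_suspected(cli_output, capture_lines, local_ip,
                           fill_threshold=0.95, min_leaks=2):
    """True when the table is near capacity AND third-party unicast leaks.

    Both signals are required (assumed policy): brief unknown-unicast
    flooding also occurs normally after a CAM entry ages out.
    """
    util = cam_utilization(cli_output)
    leaks = leaked_unicast(capture_lines, local_ip)
    return util is not None and util >= fill_threshold and len(leaks) >= min_leaks

# Sample input copied from the slide above.
SLIDE_CLI = "CAT6506 (enable) sho cam count dynamic\nTotal Matching CAM Entries = 131052\n"
SLIDE_CAPTURE = [
    "10.1.1.22 -> (broadcast) ARP C Who is 10.1.1.1, 10.1.1.1 ?",
    "10.1.1.22 -> (broadcast) ARP C Who is 10.1.1.19, 10.1.1.19 ?",
    "10.1.1.26 -> 10.1.1.25 ICMP Echo request (ID: 256 Sequence number: 7424)",
    "10.1.1.25 -> 10.1.1.26 ICMP Echo reply (ID: 256 Sequence number: 7424)",
]

if __name__ == "__main__":
    print(cam_overflow_suspected(SLIDE_CLI, SLIDE_CAPTURE, "10.1.1.50"))
```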