# MAC Flooding Attack Explained

## Metadata

- **Channel:** PowerCert Animated Videos
- **YouTube:** https://www.youtube.com/watch?v=ZwQREzriwpA
- **Source:** https://ekstraktznaniy.ru/video/30218

## Transcript

### Segment 1 (00:00 - 04:00)

What is MAC flooding? So that is the topic of this video. Now MAC flooding is an attack on the network where a hacker floods a switch with fraudulent MAC addresses in order to cause a disruption and expose sensitive data.

So what is a MAC address? A MAC or media access control address is an identifier that every network device uses to uniquely identify itself on the network. So no two devices anywhere in the world will have the same MAC address. It's a six-byte hexadecimal number that is burned into every network interface card by its manufacturer.

So here is how it works. Now whenever a device wants to join a network, it gets connected to a switch. A switch is a networking device that connects all of your network devices together on the network. Now a switch is considered intelligent because a switch can actually learn the MAC addresses of the devices that are connected to it and it stores these MAC addresses in its table. So when data is sent to a switch, it's directed only to the intended destination port. So if this computer here wanted to communicate with this computer over here, the data or frame arrives at the switch and then the switch will look at its table of MAC addresses and matching ports and deliver the frame to that port and then the frame would go to that computer.

Now prior to switches, networks used hubs. Now, hubs are similar to switches, but the difference is that hubs are not intelligent because they don't use a table. So, they don't store MAC addresses, which means that they have no clue what devices are connected to its ports. So, when a frame arrives at a port on a hub, and because it doesn't know which port to send it to, the hub will just forward the frame to every port. So every device will receive the frame regardless if it was meant for that device or not. So this caused a lot of unnecessary traffic on the network and it can also create security concerns which is one of the reasons why hubs are not used or made anymore.

So if a hacker wanted to expose sensitive data on this network, the hacker can use MAC flooding. So what happens is that the hacker can join the network and start sending a flood of data to the switch with fraudulent entries of fake MAC addresses with the intent of overwhelming the switch. And when the switch receives these entries, the switch's table gets overwhelmed because its memory can't process the flood of traffic. So what'll happen is that the switch will now default into fail open mode. Fail open mode is basically when a switch turns into a hub and starts forwarding traffic to every port. And when a switch is in this mode, it opens the door for the hacker to use a program such as a packet sniffer to capture network data and steal sensitive information. In fact, MAC flooding is typically one of the first steps that a hacker uses before using more advanced attacks because it opens the door for other attacks to happen.

Now, there are certain things that you can do to prevent a MAC flooding attack, and one of those is by using port security. By using port security, you can limit the amount of new MAC addresses that can be added to a switch's table. This allows the switch to store legitimate MAC addresses and reject fraudulent ones. And another way is by using MAC address filtering. This method configures a switch to only accept data from legitimate MAC addresses.

So guys, I want to thank you for watching this video on MAC flooding. And also, if you want to help support my channel, you can become a member by clicking the join button below, and you'll get access to exclusive behind-the-scenes content, such as how I make my videos, what I'm working on, and what's coming next.
