Switches operating at Layer 2 of the OSI model are designed to be able to control the flow of data between their ports or interfaces. They do this by creating almost instant networks that contain only the two end devices communicating with each other so that information flow is increased to the optimal level. Devices not involved in this two-way communication are not involved at that moment in time.
At the data link layer (Layer 2 of the OSI model), the only mechanism permitted to allow communication is via the Media Access Control (MAC) address—a 48-bit (HEX) bit address.
Cisco switches build Content-Addressable Memory (CAM) tables to store the MAC addresses available on physical ports, along with their associated VLAN parameters. They are the Layer 2 equivalent of routing tables. If a device sends a frame to an unknown MAC address, the switch first receives the frame and then floods it out all ports or interfaces except where the originating frame was sourced from. Switches thereby provide a switching path between end users' devices.
Then why is the CAM table widely regarded as the weakest link in Cisco security? The next few sections describe some of today's most widely used mechanisms used to exploit the CAM table on Cisco switches, along with some other common exploits.
Switches are subjected to the following common attacks:
■ CAM table overflow
■ Spanning Tree Protocol manipulation
■ MAC address spoofing
■ DHCP starvation attacks
Was this article helpful?