CAM Table Overflow Attacks

The content-addressable memory (CAM) table in a switch stores information, such as MAC addresses and associated VLAN parameters. It is similar to a router's routing table. CAM tables have a fixed size.

A MAC address is a 48-bit number, normally written in hexadecimal, composed of two descriptive fields. The first 24 bits comprise the manufacturer code assigned by the IEEE. The second 24 bits comprise the specific interface number assigned by the hardware manufacturer. A MAC address of FF.FF.FF.FF.FF.FF is a broadcast address. Each MAC address is a unique series of numbers, similar to serial numbers or LAN IP addresses. A manufacturer should not have two devices with the same MAC address.

When a Layer 2 switch receives a frame, the switch looks in the CAM table for the destination MAC address. If an entry exists for that MAC address, the switch forwards the frame to the port identified in the CAM table for that MAC address. If the MAC address is not in the CAM table, the switch forwards the frame out all ports on the switch. If a response to the forwarded frame arrives, the switch updates the CAM table with the port on which that communication was received.

In a typical LAN environment where there are multiple switches connected on the network, all the switches receive the unknown destination frame. Figure 14-1 shows the CAM table operation.
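The lookup, flood and learn steps described above, as an added Python model that is not from this book: a fixed-size CAM table behind a minimal switch, with a per-port count of distinct source addresses as an assumed monitoring check, and all MAC addresses constructed for the run. It also shows the failure mode the chapter title refers to: once the table is full, a host the switch could not learn has every frame addressed to it flooded out every port.

```python
from collections import defaultdict

FLOOD = "flood"
BROADCAST = "ff:ff:ff:ff:ff:ff"

class CamTable:  # fixed-size MAC -> port map, filled by source-address learning
    def __init__(self, capacity):
        self.capacity, self.entries = capacity, {}

    def learn(self, mac, port):
        # A full table silently stops learning; forwarding keeps working, but every
        # frame to a destination that was never learned must now be flooded.
        if mac in self.entries or len(self.entries) < self.capacity:
            self.entries[mac] = port
            return True
        return False

class Switch:
    def __init__(self, capacity, per_port_limit):
        self.cam = CamTable(capacity)
        self.per_port_limit = per_port_limit    # hypothetical monitoring threshold
        self.sources_seen = defaultdict(set)    # port -> distinct source MACs seen
        self.alerts = []

    def forward(self, src, dst, in_port):
        """Return the egress port, or FLOOD when dst is unknown or broadcast."""
        self.cam.learn(src, in_port)
        self.sources_seen[in_port].add(src)
        if len(self.sources_seen[in_port]) > self.per_port_limit:
            self.alerts.append(in_port)         # too many sources behind one port
        if dst == BROADCAST:
            return FLOOD
        out = self.cam.entries.get(dst)
        return FLOOD if out is None or out == in_port else out

def mac(n):  # constructed, locally administered MAC for the sample run
    return "02:00:00:00:%02x:%02x" % (n >> 8, n & 0xFF)

def simulate_overflow(capacity=8, per_port_limit=2, flood_count=20):
    sw = Switch(capacity, per_port_limit)
    a, b = mac(1), mac(2)                       # legitimate hosts on ports 1 and 2
    sw.forward(a, BROADCAST, 1)
    sw.forward(b, a, 2)
    before = sw.forward(a, b, 1)                # both learned: unicast to port 2
    for n in range(100, 100 + flood_count):     # many sources on port 3 fill the table
        sw.forward(mac(n), BROADCAST, 3)
    c = mac(3)                                  # late host on port 4 cannot be learned
    sw.forward(c, a, 4)
    after = sw.forward(a, c, 1)                 # reply to c is flooded out every port
    return before, after, len(sw.cam.entries), sorted(set(sw.alerts))
```

With the default table size the run returns `(2, "flood", 8, [3])`: the learned pair still gets unicast, the late host is flooded, and only port 3 trips the source-count check.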

