With which type of Layer 2 attack can you intercept traffic that is destined for one host?
A.
MAC spoofing
B.
CAM overflow….
C.
?
D.
?
Explanation:
BD
Edit: I’m reconsidering the answer for this question to be A. MAC spoofing.
Cisco implemented a technology into IOS called Port Security that mitigates the risk of a Layer 2 CAM overflowattack.
Port Security on a Cisco switch enables you to control how the switch port handles the learning and storing of
MAC addresses on a per-interface basis. The main use of this command is to set a limit to the maximum
number of concurrent MAC addresses that can be learned and allocated to the individual switch port.
If a machine starts broadcasting multiple MAC addresses in what appears to be a CAM overflow attack, the
default action of Port Security is to shut down the switch interface
Source: http://www.ciscopress.com/articles/article.asp?p=1681033&seqNum=2
Answer A as a cam-overflow will open up more than one host:
A CAM overflow attack occurs when an attacker connects to a single or multiple switch ports and then runs a tool that mimics the existence of thousands of random MAC addresses on those switch ports. The switch enters these into the CAM table, and eventually the CAM table fills to capacity. When a switch is in this state, no more new MAC addresses can be learned; therefore, the switch starts to flood any traffic from new hosts out of all ports on the switch.