Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?
A. MAC spoofing attack
B. CAM overflow attack
C. VLAN hopping attack
D. STP attack
Explanation:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_603836.html
Summary
The MAC Address Overflow attack is effective if the proper mitigation techniques are not in place on
the Cisco Catalyst 6500 series switch. By using free, publicly available Layer 2 attack tools found
on the Internet, anyone who understands how to set up and run these tools could potentially launch
an attack on your network.
MAC address monitoring is a feature present on Cisco Catalyst 6500 Series switches. This feature
helps mitigate MAC address flooding and other CAM overflow attacks by limiting the total number of
MAC addresses learned by the switch on a per-port or per-VLAN basis. With MAC Address Monitoring,
a maximum threshold for the total number of MAC addresses can be configured and enforced on a
per-port and/or per-VLAN basis.
MAC address monitoring in Cisco IOS Software allows the definition of a single upper (maximum)
threshold. In addition, the number of MAC addresses learned can only be monitored on a per-port or
per-VLAN basis, and not on a per-port-per-VLAN basis. By default, MAC address monitoring is disabled in
Cisco IOS Software. However, the maximum threshold for all ports and VLANs is configured to 500
MAC address entries, and when the threshold is exceeded the system is set to generate a system
message along with a syslog trap. These default values take effect only when MAC address
monitoring is enabled. The system can be configured to notify or disable the port or VLAN every time
the number of learned MAC addresses exceeds the predefined threshold. In our test, we used the
“mac-address-table limit” command on the access layer port interface to configure the MAC address
monitoring feature.
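As an added illustration (not taken from the Cisco white paper and not Cisco code), this toy Python model of MAC learning shows why a full CAM table makes a switch flood frames and how a per-port threshold changes the outcome. The CAM capacity of 2000, the port numbers, the host names and the action names are constructed; 500 is the default threshold quoted above, and treating "notify" as alert-only with learning continuing is an assumption.

```python
from collections import Counter

CAM_CAPACITY = 2000  # constructed value; real tables are far larger

class Switch:
    """Toy learning switch: no aging, no VLANs, one CAM shared by all ports."""
    def __init__(self, port_limit=None, action="notify"):
        self.cam = {}              # source MAC -> port it was learned on
        self.per_port = Counter()  # learned MAC count per port
        self.port_limit = port_limit
        self.action = action       # "notify" or "disable" (names assumed)
        self.alerts, self.disabled = set(), set()

    def receive(self, port, src, dst):
        """Handle one frame; return 'dropped', 'forwarded' or 'flooded'."""
        if port in self.disabled:
            return "dropped"
        if src not in self.cam:
            if self.port_limit is not None and self.per_port[port] >= self.port_limit:
                self.alerts.add(port)          # stands in for the syslog message
                if self.action == "disable":
                    self.disabled.add(port)
                    return "dropped"
            if len(self.cam) < CAM_CAPACITY:   # a full table cannot learn
                self.cam[src] = port
                self.per_port[port] += 1
        # Unknown destination: the frame goes out of every other port.
        return "forwarded" if dst in self.cam else "flooded"

def simulate(port_limit=None, action="notify"):
    sw = Switch(port_limit, action)
    sw.receive(1, "host-a", "host-b")          # host A learned on port 1
    for i in range(5000):                      # port 3 presents 5000 distinct sources
        sw.receive(3, f"src-{i}", "host-a")
    sw.receive(2, "host-b", "host-a")          # host B first talks after the burst
    return sw.receive(1, "host-a", "host-b"), sw

if __name__ == "__main__":
    for limit, action in [(None, "notify"), (500, "notify"), (500, "disable")]:
        result, sw = simulate(limit, action)
        print(limit, action, result, len(sw.cam), sorted(sw.alerts))
```

In this model, a notification alone does not protect the table: the alert fires but host B still cannot be learned, so someone or something has to act on the message.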