GCIH · Question #460
Which technique allows an attacker logged into a computer attached to switch port 8 to see traffic sent to hosts on other ports?
The correct answer is A. Launching a CAM table flood against the switch. A CAM table flood causes a switch to fail open and broadcast all traffic to every port, allowing the attacker on port 8 to capture frames destined for other hosts.
Question
Which technique allows an attacker logged into a computer attached to switch port 8 to see traffic sent to hosts on other ports?
Exhibit
Options
- ALaunching a CAM table flood against the switch
- BReleasing and renewing the computer's IP address
- CPoisoning the DNS cache on the switch
- DPutting the computer's network card into promiscuous mode
How the community answered
(47 responses)- A94% (44)
- C2% (1)
- D4% (2)
Why each option
A CAM table flood causes a switch to fail open and broadcast all traffic to every port, allowing the attacker on port 8 to capture frames destined for other hosts.
A switch maintains a Content Addressable Memory (CAM) table mapping MAC addresses to ports. When an attacker floods the switch with thousands of spoofed MAC addresses, the CAM table overflows and the switch can no longer make forwarding decisions, so it broadcasts all frames out every port - effectively behaving like a hub. This allows the attacker on port 8 to capture traffic intended for all other ports.
Releasing and renewing a DHCP lease only changes the host's IP address and has no effect on how the switch forwards Ethernet frames to other ports.
Switches do not maintain DNS caches - DNS cache poisoning targets resolvers and clients to redirect name resolution, not switch forwarding behavior.
Promiscuous mode configures the NIC to accept all frames it receives, but without flooding the CAM table the switch still delivers only relevant frames to port 8, so there is nothing extra to capture.
Concept tested: CAM table overflow attack enabling traffic sniffing
Source: https://www.cisco.com/c/en/us/support/docs/lan-switching/ethernet/10601-13.html
Topics
Community Discussion
No community discussion yet for this question.
