CAM overflow attack

CAM (Content Addressable Memory) overflow attack is a type of layer 2 attack that exploits the vulnerability in network switches that use CAM tables.

A CAM table is a small high-speed memory on a network switch used to store MAC addresses and associated port numbers. When a packet is received by a switch, it looks up the destination MAC address in the CAM table to determine the correct output port to forward the packet.

In a CAM overflow attack, an attacker sends a large number of fake MAC addresses to the switch in a very short period of time. This overloads the CAM table, causing it to overflow, and resulting in the switch becoming unable to learn new MAC addresses.

As a result, the switch will fail to forward packets to the correct port and may broadcast the packets to all ports, leading to a significant network slowdown or even a complete network outage.

The attacker can then engage in various malicious activities, such as launching a Man-in-the-Middle attack to intercept, modify, or redirect network traffic, or eavesdropping on sensitive data traffic. CAM overflow attacks are dangerous because they can disrupt or disable an entire network, making it vulnerable to other attacks.

Last updated