MAC table overflow

This test checks that the access switch does not broadcast packets (i.e. that the switch does not go into "hub" mode) when the MAC address table is full. If such broadcasting occurs, a malicious user can sniff network traffic by causing the MAC table to overflow.

Impact: Eavesdropping, DoS

Test process

  • Malicious sends UDP packets with random source MAC addresses for 40 seconds.
  • ISP sends UDP packets to Customer.

Fail criteria

  • A packet addressed to Customer arrives at Malicious.
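A small simulation of the mechanism this test checks, added here as an example (not part of the test tool or its documentation): a learning switch whose table evicts the oldest entry when full floods unknown unicast once the Customer's entry has been pushed out, so the ISP-to-Customer frame reaches the Malicious port; the same switch with a per-port MAC limit (port-security style, an assumed mitigation) keeps the Customer entry and passes. Port numbers, capacities and MAC addresses are constructed test data.

```python
"""Simulated access switch under a MAC-table overflow (constructed example)."""
import os
from collections import OrderedDict

ISP, CUSTOMER, MALICIOUS = 1, 2, 3                      # switch port numbers (assumed)
ISP_MAC, CUST_MAC = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # RFC 7042 documentation MACs

def rand_mac():
    """Random locally-administered unicast MAC (cannot collide with the 00:00:5e range)."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return b.hex(":")

class Switch:
    def __init__(self, ports, capacity, per_port_limit=None):
        self.ports = list(ports)
        self.capacity = capacity              # total MAC/CAM table size
        self.per_port_limit = per_port_limit  # None = no port-security (vulnerable)
        self.table = OrderedDict()            # mac -> port, oldest entry first

    def _learn(self, mac, port):
        if mac in self.table:
            self.table[mac] = port
            return True
        if self.per_port_limit is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.per_port_limit:
                return False                  # limit reached: do not learn, drop frame
        if len(self.table) >= self.capacity:
            self.table.popitem(last=False)    # table full: evict the oldest entry
        self.table[mac] = port
        return True

    def forward(self, in_port, src, dst):
        """Return the set of egress ports the frame is delivered to."""
        if not self._learn(src, in_port):
            return set()
        out = self.table.get(dst)
        if out is None:                       # unknown unicast: flood like a hub
            return set(self.ports) - {in_port}
        return {out}

def run_test(switch, flood_frames=200):
    """True = test FAILS: a frame addressed to Customer arrived at Malicious."""
    switch.forward(CUSTOMER, CUST_MAC, ISP_MAC)        # Customer is learned on its port
    for _ in range(flood_frames):                      # Malicious floods random source MACs
        switch.forward(MALICIOUS, rand_mac(), ISP_MAC)
    egress = switch.forward(ISP, ISP_MAC, CUST_MAC)    # ISP sends to Customer
    return MALICIOUS in egress
```

With `Switch([1, 2, 3], capacity=100)` the test fails; with `per_port_limit=2` on the same switch it passes.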

References

This test conforms to SEC Access Certification ID "SEC-CM-MACLIMIT-1" and to SAVI RFC 6959 section 3.1.2.

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • Customer: One or more customers that Malicious will affect.
  • ISP: A central node on a trusted port.

Advanced

  • Source UDP port: Source UDP port for traffic sent from ISP to customer. Range: 1 ... 65535. Default: 41234.
  • Destination UDP port: Destination UDP port for traffic sent from ISP to customer. Range: 1 ... 65535. Default: 24567.