This test checks that the access switch does not broadcast packets (i.e. that the switch does not go into "hub" mode) when the MAC address table is full. If such broadcasting occurs, a malicious user can sniff network traffic by causing the MAC table to overflow.
Impact: Eavesdropping, DoS
Test steps:
- Malicious Customer sends UDP packets with random source MAC addresses for 40 seconds.
- ISP sends UDP packets to Customer.
- Check whether a packet addressed to Customer arrives at Malicious Customer. If it does, the switch has fallen into "hub" mode and the test fails.
This test conforms to SEC Access Certification ID "SEC-CM-MACLIMIT-1" and to SAVI RFC 6959 section 3.1.2.
Roles:
- Malicious Customer: A customer interface performing malicious actions.
- Customer: One or more customers that Malicious Customer will affect.
- ISP: A central node on a trusted port.
Parameters:
- Source UDP port: Source UDP port for traffic sent from ISP to Customer. Range: 1 ... 65535. Default: 41234.
- Destination UDP port: Destination UDP port for traffic sent from ISP to Customer. Range: 1 ... 65535. Default: 24567.
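The following is an added illustration, not code from the certification suite: a toy learning switch with a bounded MAC table, run through the three test steps above once without and once with a per-port MAC limit. The class and function names (Switch, run_maclimit_test, random_mac), the port numbers, the table size and the sample MAC addresses are assumptions of this model; the 40-second UDP burst is modelled as a fixed number of frames, and only the source/destination MACs of each frame are tracked.

```python
"""Toy learning switch used to show what the MAC-table overflow check detects.

Added example (not part of the original test description). Switch,
run_maclimit_test, random_mac, the port numbers and the MAC addresses below
are assumptions of this model.
"""
from collections import OrderedDict
import random

# Constructed topology: three ports matching the roles in the test description.
PORT_MALICIOUS, PORT_CUSTOMER, PORT_ISP = 1, 2, 3
PORTS = (PORT_MALICIOUS, PORT_CUSTOMER, PORT_ISP)
CUSTOMER_MAC = "02:00:00:00:00:c1"   # constructed sample addresses
ISP_MAC = "02:00:00:00:00:15"


class Switch:
    """Learning switch with a bounded MAC table (oldest entry evicted when full).

    mac_limit maps a port number to the maximum number of addresses the switch
    will learn on that port; frames from further addresses are dropped and
    counted as violations, which is what a port-security MAC limit does.
    """

    def __init__(self, table_size, mac_limit=None):
        self.table_size = table_size
        self.mac_limit = mac_limit or {}
        self.table = OrderedDict()      # mac -> port, kept in learning order
        self.violations = 0             # stands in for the port-security violation counter

    def _learn(self, src_mac, in_port):
        if src_mac in self.table:
            self.table.move_to_end(src_mac)   # refresh the entry, like an ageing-timer hit
            return True
        limit = self.mac_limit.get(in_port)
        if limit is not None:
            learned = sum(1 for p in self.table.values() if p == in_port)
            if learned >= limit:
                self.violations += 1
                return False                   # port limit reached: do not learn, drop frame
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)    # table full: evict the oldest entry
        self.table[src_mac] = in_port
        return True

    def forward(self, src_mac, dst_mac, in_port):
        """Process one frame and return the list of ports it egresses on."""
        if not self._learn(src_mac, in_port):
            return []                          # rejected by the MAC limit
        out = self.table.get(dst_mac)
        if out is None:
            # Unknown destination: flood to every other port. This is normal for a
            # learning switch, but once the table holds only the attacker's
            # addresses it means traffic for other customers reaches the attacker.
            return [p for p in PORTS if p != in_port]
        if out == in_port:
            return []                          # destination sits behind the ingress port
        return [out]


def random_mac(rng):
    """Constructed random, locally administered, unicast source address."""
    value = (rng.getrandbits(48) | (1 << 41)) & ~(1 << 40)
    return ":".join(f"{(value >> (8 * i)) & 0xff:02x}" for i in reversed(range(6)))


def run_maclimit_test(switch, flood_frames, seed=0):
    """Replay the three test steps against a switch model and return the verdict."""
    rng = random.Random(seed)
    # Customer has sent traffic before, so the switch has learned its port.
    switch.forward(CUSTOMER_MAC, ISP_MAC, PORT_CUSTOMER)
    # Step 1: Malicious Customer sends frames with random source MACs.
    for _ in range(flood_frames):
        switch.forward(random_mac(rng), ISP_MAC, PORT_MALICIOUS)
    # Step 2: ISP sends a frame to Customer.
    egress = switch.forward(ISP_MAC, CUSTOMER_MAC, PORT_ISP)
    # Step 3: the frame must not reach the Malicious Customer port.
    return {
        "passed": PORT_MALICIOUS not in egress,
        "egress": egress,
        "violations": switch.violations,
        "table_entries": len(switch.table),
    }


if __name__ == "__main__":
    print("no MAC limit:", run_maclimit_test(Switch(table_size=64), flood_frames=1000))
    print("MAC limit 8 :", run_maclimit_test(
        Switch(table_size=64, mac_limit={PORT_MALICIOUS: 8}), flood_frames=1000))
```

Without a limit, the flood evicts Customer's entry, the ISP frame has an unknown destination and is flooded to the Malicious Customer port, so the test fails. With a MAC limit on the untrusted port, only the first few flood addresses are learned, the rest are counted as violations (the counter a defender would alert on), Customer's entry survives and the ISP frame is delivered to Customer only.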