From: Fernando Gont [mailto:fernando () gont com ar]
Sent: Wednesday, March 24, 2004 2:27 PM
To: gillettdavid () fhda edu; security-basics () securityfocus com
Subject: RE: Caching a sniffer
At 08:58 24/03/2004 -0800, David Gillett wrote:
I presume that some switches, faced with something like
overflow the table such that legitimate addresses that
should have been
learned start flooding to all ports as well.
But this is not the only possible reaction of a switched
macoff! If Cisco's port security is enabled, the switch may
down the port running macoff.
How does it detect this? By realizing that frames from a
given port come
from several different MAC source addresses?