10-24-2024

MAC Address Spoofing Attacks

• MAC cloning attacks - when threat actors discover a valid MAC address of a device connected to a switch, and spoof the MAC address on their own device and the switch changes its MAC address table to reflect the MAC address with the port to which the attacker's device is connected

• DHCP (Dynamic Host Control Protocol) - Leasing IP addresses;

• PCs with same MAC address will have the same IP address - can use this to trick DHCP

• IP conflict - intermitted connectivity

• MAC flooding attacks - when a threat actor overflows the switch with Ethernet packets that have been spoofed so that every packet contains a different src MAC address