A MAC address flood attack is occurring on the Company LAN. During this attack, numerous frames
are forwarded to a switch which causes the CAM table to fill to capacity. How does this action
benefit the attacker?

A.
All traffic is tagged with a specific VLAN ID from the VLAN of the attacker and is now
viewable.

B.
Clients will forward packets to the attacking device, which will in turn send them to the
desired destination but not before recording the traffic patterns.

C.
All traffic is redirected to the VLAN that the attacker used to flood the CAM table.

D.
All traffic is flooded out all ports and an attacker is able to capture all data.

E.
None of the other alternatives apply

Explanation:
MAC flooding basically involves bombarding the switch with spoofed ARP requests in the hope of
making the switch “fail open”. This, in essence, makes the switch display the characteristics of a hub,

where it sends packets to all ports. A MAC flooding attack looks like traffic from thousands or
computers moving into one port, but it’s actually the attacker spoofing the MAC address of
thousands of non-existent hosts. The goal is to flood the switches CAM (content addressable
memory) table, or port/MAC table with these bogus requests, and once flooded, the switch will
broadcast openly onto a LAN, allowing the attacker to start sniffing. The success of this attack is
almost completely dependant on the model and manufacturer of the switch.
Reference: http://www.governmentsecurity.org/archive/t2605.html