A switch is set up to allow only 2 simultaneous MAC addresses per switch port. An administrator is
reviewing a log and determines that a switch ort has been deactivated in a conference room after
it detected 3 or more MAC addresses on the same port. Which of the following reasons could have
caused this port to be disabled?
A.
A pc had a NIC replaced and reconnected to the switch
B.
An ip telephone has been plugged in
C.
A rouge access point was plugged in
D.
An arp attack was launched from a pc on this port
APR poisoning is an attack that exploits Ethernet networks that may enable
an attacker to sniff frames of information or modify that information
1
0
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.
So what we have is:
1) A legitimate device using one MAC address. Count=1 MAC
2) Another device (using its own MAC), being used by a malicious actor sending falsified ARPs. This would use the same MAC twice or a different MAC. Count=2 MACs
A. A pc had a NIC replaced and reconnected to the switch. This is still one MAC. The port has not been configured to be MAC specific. It has been configured to use a maximum of two MACs regardless of specific MAC configuration (This is not MAC filtering which would be a nightmare to maintain in a conference room)
B. An ip telephone has been plugged in. This still would constitute one MAC
C.A rouge access point was plugged in – This still would constitute one MAC
D. An arp attack was launched from a pc on this port – Hence port protection detected x3 MACs and shut the port
0
0