In the following demo we’re going to show a MAC table overflow attack.
In the demo, Eve the Attacker is going to eavesdrop on Alice's traffic to Bob, even
though Alice and Eve are not connected to the same switch. As you'll remember, and
just as we saw in the last video, Eve is going to send lots of Ethernet frames with new
source addresses to force the forwarding tables in the switches to overflow, so that Alice's
traffic to Bob is going to be broadcast. Eve will then eavesdrop on the traffic.
Let’s see how it works.
The demo I’m going to show you runs on the Mininet emulation system, which means you
can easily and safely run it yourself on your own computer, and I’ll tell you shortly
how. It also means the same code can easily be replicated into a real network. The demo
was created by TY Huang, a PhD student here at Stanford.
First, let's verify that under normal conditions Eve can't eavesdrop on Alice. Alice is sending
pings to Bob while Eve is running tcpdump on her machine, listening for traffic from
Alice's IP address 10.0.0.1. As you can see, tcpdump doesn't capture any traffic and
Eve doesn't hear anything, so we know the learning mechanism is working fine and no
traffic is being broadcast.
Next, Eve runs an attack in which she overwhelms the network with frames carrying new, randomly generated Ethernet
source addresses. The switch dutifully learns them all until its forwarding table fills up and
overflows, evicting the learned Ethernet addresses of Alice's and Bob's hosts.
Alice is still sending pings to Bob, and because the switch no longer knows which port Bob is on,
they are now being broadcast out of every port. The tcpdump running
on Eve's machine can see the packets and reports them. It doesn't see all of them,
because occasionally the switch will successfully relearn the address, but it is quickly
evicted again because of the onslaught of new Ethernet frames from Eve.
When Eve stops generating new Ethernet addresses, the switch relearns the Ethernet addresses of Alice and Bob
and can stop broadcasting the traffic between them. Thus, Eve will no longer be
able to hear their traffic. If you would like, you can reproduce
this demo by downloading the Mininet script from "https://github.com/mininet/mininet/wiki/Assignments"
and running it in a Mininet instance.
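To make the mechanism behind the demo concrete without needing Mininet, here is an added simulation that is not part of the demo or of TY Huang's script: two chained learning switches, with Alice and Bob on s1 and Eve on s2, the same arrangement as in the video. The MAC addresses, the table capacity, the FIFO eviction policy and the optional per-port learning limit (the behaviour of a "port security" feature on real switches) are all assumptions of this example, not measurements of any real switch. It shows three things the narration describes: with no flood Eve sees nothing, with a flood large enough to overflow the table every one of Alice's pings reaches Eve, and when the flood stops (or is rate-limited below the table size per ping interval) the switch keeps Bob's entry and goes back to unicast.

```python
"""Added simulation of a MAC-table (CAM) overflow attack on two chained
learning switches.  Constructed example: all MAC addresses, table sizes,
the FIFO eviction policy and the per-port learning limit are assumptions,
not properties of any real switch or of the Mininet demo script."""
import random
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC = {"alice": "00:00:00:00:00:01", "bob": "00:00:00:00:00:02",
       "eve": "00:00:00:00:00:03"}  # assumed host addresses


def random_mac(rng):
    """A locally administered unicast MAC, like the ones Eve generates."""
    return "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))


class LearningSwitch:
    def __init__(self, capacity, max_per_port=None):
        self.capacity = capacity          # forwarding-table size (assumed)
        self.max_per_port = max_per_port  # port-security style limit, None = off
        self.table = OrderedDict()        # src MAC -> ingress port, oldest first
        self.links = {}                   # port -> host name or (switch, its port)

    def learn(self, mac, port):
        """Return False if the per-port limit refuses to learn a new MAC."""
        if mac not in self.table and self.max_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_per_port:
                return False
        self.table[mac] = port
        self.table.move_to_end(mac)       # refresh: recently seen entries live longest
        if len(self.table) > self.capacity:
            self.table.popitem(last=False)  # overflow: evict the oldest entry (assumed FIFO)
        return True

    def forward(self, frame, in_port, delivered):
        if not self.learn(frame["src"], in_port):
            return                        # port-security violation: frame dropped
        out_port = self.table.get(frame["dst"])
        if frame["dst"] == BROADCAST or out_port is None:
            out_ports = [p for p in self.links if p != in_port]  # unknown dst: flood
        else:
            out_ports = [out_port]        # known dst: unicast
        for p in out_ports:
            endpoint = self.links[p]
            if isinstance(endpoint, str):
                delivered.setdefault(endpoint, []).append(frame)  # a host NIC sees it
            else:
                sw, sw_port = endpoint
                sw.forward(frame, sw_port, delivered)  # cross the inter-switch link


def build_network(capacity, max_per_port=None):
    """Alice and Bob on s1, Eve on s2, s1 port 3 <-> s2 port 2 (assumed topology)."""
    s1 = LearningSwitch(capacity, max_per_port)
    s2 = LearningSwitch(capacity, max_per_port)
    s1.links = {1: "alice", 2: "bob", 3: (s2, 2)}
    s2.links = {1: "eve", 2: (s1, 3)}
    return {"alice": (s1, 1), "bob": (s1, 2), "eve": (s2, 1)}  # host -> attachment


def send(attach, host, frame):
    sw, port = attach[host]
    delivered = {}
    sw.forward(frame, port, delivered)
    return delivered  # host name -> frames that reached its NIC


def simulate(rounds, flood_per_round, capacity=64, max_per_port=None, seed=7):
    """Each round Eve injects flood_per_round frames with fresh source MACs,
    then Alice pings Bob and Bob replies.  Returns how many of Alice's pings
    a tcpdump on Eve's machine would have captured."""
    rng = random.Random(seed)
    attach = build_network(capacity, max_per_port)
    # Warm-up: an ARP-like broadcast from Alice and a unicast reply from Bob,
    # so the switches know both hosts before we start counting.
    send(attach, "alice", {"src": MAC["alice"], "dst": BROADCAST, "payload": "who-has"})
    send(attach, "bob", {"src": MAC["bob"], "dst": MAC["alice"], "payload": "is-at"})
    seen_by_eve = 0
    for _ in range(rounds):
        for _ in range(flood_per_round):
            junk = {"src": random_mac(rng), "dst": random_mac(rng), "payload": "junk"}
            send(attach, "eve", junk)
        ping = {"src": MAC["alice"], "dst": MAC["bob"], "payload": "ping"}
        if "eve" in send(attach, "alice", ping):
            seen_by_eve += 1
        send(attach, "bob", {"src": MAC["bob"], "dst": MAC["alice"], "payload": "pong"})
    return seen_by_eve


if __name__ == "__main__":
    print("no flood      :", simulate(10, 0))
    print("flood 100/rnd :", simulate(10, 100))
    print("flood  40/rnd :", simulate(10, 40))
    print("port-security :", simulate(10, 100, max_per_port=4))
```

Two details worth noticing when you run it. What matters is the destination's entry: as long as Bob's address is evicted before Alice's next ping, s1 has no choice but to flood, and the flooded frame crosses the inter-switch link and reaches Eve even though she sits on a different switch. And the flood only works if Eve injects more new addresses per ping interval than the table holds; with 40 new addresses per round against a 64-entry table, the refreshed entries for Alice and Bob are always younger than the junk and survive, which is the same reason relearning takes over the moment Eve stops. The `max_per_port` option is the standard countermeasure on managed switches: cap the number of addresses a port may learn, so an access port cannot evict everyone else's entries.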