I don't understand the benefit of port security (limiting the amount of MACs that can be connected to a single port of the router), what is the problem that motivates using this?
Asked
Active
Viewed 212 times
1 Answers
6
Port Security defends against the following attacks:
- CAM table overflow
- DHCP starvation
- MAC spoofing (partial)
The first two rely upon the ability of the attacker to flood the network with requests from bogus MAC addresses, so Port Security directly inhibits them. The latter is only partially mitigated; an attack which only needs to spoof one address (and not use a valid address too) would be able to bypass Port Security. However, that rules out some attacks - for example if the attacker needs remote control of the endpoint on valid IP/MAC "A" and wants to spoof IP/MAC "B" in an attack - can't do both at once.
gowenfawr
- 72,893
- 17
- 165
- 200