Daniel Roberson

CAM overflow

0001-01-01

CAM (Content Addressable Memory) Table Overflowing is a Layer 2 attack against networking switches in which the CAM table is flooded with bogus MAC addresses, eventually causing the switch to act as a hub, which allows the attacker to sniff traffic they otherwise wouldn’t be able to.

https://0xbharath.github.io/art-of-packet-crafting-with-scapy/network_attacks/cam_overflow/index.html

No notes link to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit