Mitigating Spoof Attacks
Describing a MAC spoof attack

MAC Spoofing attacks occur when a device spoofs the MAC address of a valid network device to gain access to frames not normally forwarded out the switch port of the attacker. The attacker generates a single frame with a source MAC address of the valid device. The switch overwrites the valid CAM table entry with an entry for the same MAC address out the port of the attacking device. This causes the switch to forward frames destined for the valid MAC address out the port of the network attacker. Once the valid host sends additional frames, the spoofed CAM table entry is overwritten so forwarding to that MAC address resumes on the legitimate port.

A MAC spoofing attack follows the sequence that is shown in Figures  and .