MAC Spoofing attacks occur when a device spoofs the MAC address of a valid
network device to gain access to frames not normally forwarded out the switch
port of the attacker. The attacker generates a single frame with a source MAC
address of the valid device. The switch overwrites the valid CAM table entry
with an entry for the same MAC address out the port of the attacking device.
This causes the switch to forward frames destined for the valid MAC address out
the port of the network attacker. Once the valid host sends additional frames,
the spoofed CAM table entry is overwritten so forwarding to that MAC address
resumes on the legitimate port.
A MAC spoofing attack follows the
sequence that is shown in Figures
and
.