I'm specifically referring to the macof
tool (part of the dsniff
package).
As I understand it, MAC flooding is meant to overload a switch's CAM table, which maps MAC addresses to switch ports.
Where does specifying IP addresses and/or TCP ports fit into this?
Does doing so allow an attacker to bypass a Layer 3 switch's filters, ones that filter traffic based on IP addresses and/or TCP ports?