If the maximum number of MAC Addresses made to the ports of all network devices attached to SECHARD exceeds the maximum number of MAC Addresses, an Alarm is triggered. The Alarm includes the device name and Session Log information.
In the output below, 8022 MAC Address requests have passed through the Te3/0/2 port of the switch named Cisco 3lu 2960 in a short time. This is a MAC Flooding Attack, which is a type of Flooding Attack from the Te3/0/2 port of this switch. This attack can be detected in a very short time thanks to SECHARD.
Add Comment