22.2.1.1.8. When Too Many Mac Address Requests

If the maximum number of MAC Addresses made to the ports of all network devices attached to SECHARD exceeds the maximum number of MAC Addresses, an Alarm is triggered. The Alarm includes the device name and Session Log information.

Figure 375 – Too Many Mac Address – Popup Alarm

In the output below, 8022 MAC Address requests have passed through the Te3/0/2 port of the switch named Cisco 3lu 2960 in a short time. This is a MAC Flooding Attack, which is a type of Flooding Attack from the Te3/0/2 port of this switch. This attack can be detected in a very short time thanks to SECHARD.

Figure 376 – Too Many Mac Address – Mail Alarm