CAM Table

From Wikipedia, the free encyclopedia


A Content Addressable Memory (CAM) table is a common term usually referring to the Dynamic Content Addressable Memory[1] on an Ethernet switch.


Ethernet Switching

An Ethernet switch's role is to copy bits (grouped into Ethernet frames) from one port to another, quickly, at layer two of the OSI model. The presence of a CAM table is one attribute that separates a switch from a hub. Without a functional CAM table, every frame received by a network switch would be repeated out of all other switch ports, much like an Ethernet hub. CAM tables are often the target of layer 2 network attacks within a local area network used to set up man-in-the-middle attacks.

Ethernet Switch - CAM ≈ Ethernet Hub

A layer 2 Ethernet switch's role is to copy bits (formatted as frames) from one port to another, quickly. A hub simply repeats a frame received on one port out of all its other connected ports. A switch should only emit a frame on the port where the destination network device resides (unicast), unless the frame is addressed to all nodes on the switch (broadcast) or to a group of nodes (multicast).

Role of the CAM Table

Generally, the CAM table is a system memory construct used by the Ethernet switch logic to map the Media Access Control (MAC) addresses of stations to the switch ports on which those stations are connected. This allows switches to forward traffic between connected stations at high speed and in full duplex regardless of how many devices are connected to the switch. The CAM table is consulted to make the frame-forwarding decision. On Ethernet networks that carry IP, switches learn MAC addresses from the source address of Ethernet frames arriving on their ports, such as Address Resolution Protocol (ARP) response packets.

Attacks

A threat agent that has control of a device connected to an Ethernet switch can attack the switch's CAM table. The attack usually exploits a weakness in how the switch design handles the exceptional condition of running out of space to record all of the MAC:port mappings it learns. Once the table is full, most switches are no longer able to reliably map a MAC address to a port. Rather than give up on delivering frames, the switch begins to echo any received frame to all ports. In the case of unicast datagrams, data formerly available only to the communicating endpoint nodes is now available to ALL nodes on the switch. This is an inherent confidentiality vulnerability in many Ethernet switches. While the switch is operating in this temporary state, any cleartext data is visible to a watching third party. It can also degrade the switch's performance.
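The following is an added example, not part of the Wikipedia article and not any vendor's switch logic. It is a toy model that serves both the "Role of the CAM Table" section (source-MAC learning, unicast forwarding to one port, flooding of broadcast, multicast and unknown-unicast frames) and the "Attacks" section (what happens once a bounded table is full: new stations cannot be learned, so unicast traffic to them is flooded like a hub). The `Switch` and `Frame` classes, the table capacity of 3, and all MAC addresses (documentation range 00:00:5e:00:53:xx for the stations, locally administered 02:... addresses for the port that sources many MACs) are constructed for the demonstration. Real switches add aging timers and hash-based tables, which this model omits. The `ports_over_limit` check is the defensive side: a port-security style count of distinct source MACs per port that flags the port responsible for filling the table.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """True for broadcast and multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Frame:
    src: str
    dst: str
    ingress_port: int


@dataclass
class Switch:
    """Toy switch (constructed for this example): bounded MAC -> port table plus
    per-port counters of the source MACs seen, used for the port-security check."""
    num_ports: int
    cam_capacity: int
    cam: dict = field(default_factory=dict)            # MAC -> port
    seen_per_port: dict = field(default_factory=dict)  # port -> set of source MACs
    failed_learns: int = 0                              # learns refused: table was full

    def learn(self, mac: str, port: int) -> None:
        self.seen_per_port.setdefault(port, set()).add(mac)
        if mac in self.cam:
            self.cam[mac] = port      # refresh, or the station moved to another port
        elif len(self.cam) < self.cam_capacity:
            self.cam[mac] = port
        else:
            self.failed_learns += 1   # table full: the new MAC is not recorded

    def forward(self, frame: Frame) -> list:
        """Return the egress ports for the frame (a copy is sent out of each)."""
        self.learn(frame.src, frame.ingress_port)
        flood = [p for p in range(self.num_ports) if p != frame.ingress_port]
        if is_group_address(frame.dst):
            return flood                     # broadcast / multicast
        port = self.cam.get(frame.dst)
        if port is None:
            return flood                     # unknown unicast: repeated out of every other port
        if port == frame.ingress_port:
            return []                        # destination is on the ingress port: filter
        return [port]

    def ports_over_limit(self, max_macs: int) -> list:
        """Port-security style check: ports that have sourced more MACs than allowed."""
        return sorted(p for p, macs in self.seen_per_port.items() if len(macs) > max_macs)


def demo() -> dict:
    """Learning, unicast forwarding, a full table, and the detection check, in order."""
    sw = Switch(num_ports=4, cam_capacity=3)
    # Constructed stations A, B and C (documentation MAC range).
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"

    first = sw.forward(Frame(a, b, ingress_port=0))   # B not yet learned -> flooded
    reply = sw.forward(Frame(b, a, ingress_port=1))   # A learned on port 0 -> [0]
    later = sw.forward(Frame(a, b, ingress_port=0))   # B learned on port 1 -> [1]

    # Port 3 sources ten distinct (constructed) MACs; only the first fits in the table.
    for i in range(10):
        sw.forward(Frame(f"02:00:00:00:00:{i:02x}", BROADCAST, ingress_port=3))

    # C, a legitimate new station on port 2, arrives after the table is full, so it is
    # never learned and unicast from A to C is flooded to every other port, port 3 included.
    sw.forward(Frame(c, a, ingress_port=2))
    to_c = sw.forward(Frame(a, c, ingress_port=0))

    return {
        "first_frame": first,
        "reply": reply,
        "later_unicast": later,
        "unicast_to_c_after_fill": to_c,
        "failed_learns": sw.failed_learns,
        "cam_size": len(sw.cam),
        "flagged_ports": sw.ports_over_limit(max_macs=2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the two halves of the story side by side: the first three results are the normal learn-then-unicast behaviour, while `unicast_to_c_after_fill` comes back as the full flood list once the table holds no room for C. The `flagged_ports` result is the actionable part for a defender: limiting the number of MAC addresses a port may source (and alerting or shutting the port when that limit is exceeded) stops one port from exhausting the table that every other port depends on.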