A broadcast packet is intended for every host on the network: the sender uses the broadcast address and the packet is sent out of all ports. The behavior is active (deliberate) and can be understood as a Layer 3 behavior.
Flooding means that the switch cannot find an entry in its MAC table that matches the destination address of the packet, so it sends the packet out of all ports (except the port on which the packet was received) in order to find the target host that should receive it. It can be understood as a Layer 2 behavior.
Flooding does not require maintaining the network topology or performing the related routing calculations; a node that receives the information only has to forward the packets in a broadcast manner. For example, suppose the source node wants to send a piece of data to the target node. The source node first passes a copy of the data over the network to each of its neighbor nodes, and each neighbor node then transmits the data to all of its own neighbors other than the node that sent it the data. This continues until the data reaches the target node or the lifetime set for the data (TTL, Time to Live) reaches 0.
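The Layer 2 decision described above, as an added example that is not part of the original page: a minimal learning switch that reports whether a frame is broadcast, flooded, or forwarded. The class name, port numbers and MAC addresses are constructed for illustration.

```python
# Added example: minimal learning switch (hypothetical class, constructed values).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Return (reason, egress_ports) for one frame arriving on in_port."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn (or refresh) the sender's location from the source address.
        self.mac_table[src] = in_port
        others = [p for p in self.ports if p != in_port]
        if dst == BROADCAST:
            # Broadcast: the sender deliberately addressed every host.
            return "broadcast", others
        out = self.mac_table.get(dst)
        if out is None:
            # Flooding: unicast frame, but no MAC table entry for dst, so the
            # switch falls back to every port except the receiving one.
            return "flood", others
        if out == in_port:
            # Destination sits behind the ingress port; nothing to send.
            return "filter", []
        return "forward", [out]


def demo():
    sw = LearningSwitch([1, 2, 3, 4])
    # Constructed addresses from the documentation MAC range.
    a, b, c = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0c"
    frames = [
        (1, a, b),          # b not learned yet -> flooded
        (2, b, a),          # a was learned on port 1 -> forwarded
        (1, a, b),          # b is now known on port 2 -> forwarded
        (3, c, BROADCAST),  # sender chose the broadcast address
    ]
    return [sw.receive(*f) for f in frames]


if __name__ == "__main__":
    for reason, ports in demo():
        print(f"{reason:9s} -> ports {ports}")
```

The first and last frames leave on the same kind of port set, but for different reasons: the first because the switch has no table entry, the last because the sender asked for it.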
Flooding attacks include:
1) SYN flood attack
The SYN attack exploits TCP's three-way handshake mechanism. The attacker uses a forged IP address to send a request to the attacked host, and the response message sent by the attacked host never reaches a destination, so the attacked host consumes resources while waiting for the connection to be closed. If there are thousands of such connections, the host's resources are exhausted, which achieves the purpose of the attack. The TCP intercept feature of a router (for example, on Cisco routers) can be used to protect the hosts on the network.
2) DHCP message flooding attack
A DHCP message flooding attack means that a malicious user uses tools to forge a large number of DHCP packets and send them to the server. On the one hand, this maliciously exhausts the IP address resources, so that legitimate users cannot obtain an IP address.
On the other hand, if the DHCP snooping function is turned on on the switch, the received DHCP packets are sent to the CPU. As a result, a large volume of DHCP attack packets can cause the DHCP server to run at high load and can even crash the device.
3) ARP message flooding attack
ARP message flooding is similar to DHCP flooding: a malicious user sends a massive number of ARP messages, which causes the ARP table of the L3 device to overflow and affects forwarding for normal users.
The difference between flooding and broadcasting