摘要 |
A method for protecting a network against a security attack from an user, and in particular, for a layer 2 switch, against a MAC flooding attack. Here, the MAC flooding attack floods the layer 2 switch with at least one packet, a database is provided which saves a MAC address and its allocation and the database has a maximum quantity. According to the method, an interface between the user of the network and a network access functions as a line of demarcation. When the limit of the maximum quantity for a port is reached, the port is blocked during a blocking time. This not only protects the first access node, but also the following network nodes and users respectively, against a security attack.
|