MAC flooding is a Layer 2 attack in which an attacker sends a large number of fake MAC addresses to a switch, filling up its CAM (Content Addressable Memory) table. Once the table is full:

The switch enters “fail-open” mode and broadcasts traffic to all ports

The attacker can then sniff sensitive traffic

This attack effectively turns a switch into a hub, facilitating data sniffing.

Incorrect Options:

A. Evil twin is a wireless attack using rogue access points.

B. DNS cache flooding corrupts DNS entries, unrelated to Ethernet.

D. DDoS attacks are about overwhelming systems/services, not Layer 2 memory overflows.

Reference – CEH v13 Official Courseware:

Module 11: Sniffing

Section: “Switch Port Stealing and MAC Flooding”

Subsection: “Layer 2 Attacks and CAM Table Poisoning”

===========