MAC spoofing attacks are attacks launched by clients on a Layer 2 network. Attackers spoof their MAC address to perform a man-in-the-middle (MiTM) attack. In one common attack, the attacker pretends to be the default gateway and sends out a gratuitous Address Resolution Protocol (ARP) to the network so that users send their traffic through the attacker rather than the default gateway. The attacker then forwards user traffic to the real default gateway. An attacker on a fast enough host can capture and forward packets so that victims do not notice any change in their network access. Many tools available for download from the Internet, such as Ettercap, can accomplish such a task, and preventing such attacks is quite problematic.
One way to mitigate this threat is to use Port Security. For this to work, however, the maximum MAC address setting must be 1, and the support headache associated with using this setting can potentially be greater than the risk of this type of an attack occurring.