Routing Protocol Security
Hank Nussbacher
hank at att.net.il
Wed Aug 14 04:19:03 UTC 2002
At 07:43 PM 13-08-02 -0400, batz wrote:
>On Mon, 12 Aug 2002 dylan at juniper.net wrote:
>
>:Of the problems folks have run into, are they more often the result of a
>:legitimate speaker being compromised & playing with advertisements
>:somehow (and getting through filters that may or may not be present), or
>:from devices actually spoofing their way into the IGP/EGP? Are there
>:any specific attacks anyone is aware of & can share?
>
>My first pointer would be to the Phrack article Things to do in
>Ciscoland when you are Dead. While this is not routing protocol
>specific, it's more about fun that can be had with tunneling
>traffic from a compromised network.
Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html
Also note that keepalives and routing updates are process switched (for
Ciscos). Think about it.
>The short term solution would be routers that denied all layer-3
>traffic destined to it by default, (passing it to elsewhere) and
>only accepted traffic from specifically configured peers. (Type
>Enforcement(tm) on interfaces anyone?)
Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf
-Hank
>
>
>Routers should be shipped in a state that is functionally inert to
>packets on layer 3.
>
>Alas..
>
>--
>batz
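
The default-deny idea quoted above (drop layer-3 traffic addressed to the router unless it comes from a specifically configured peer), modelled as an added example that is not part of the original message or of any vendor's code. The addresses, the peer table and the reading of "passing it to elsewhere" as forwarding transit traffic are assumptions; only unicast BGP peering is modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

# Constructed sample configuration using documentation address ranges.
LOCAL_ADDRESSES = {ip_address("192.0.2.1"), ip_address("198.51.100.1")}

# Peer address -> set of (protocol, service port) the router will talk to.
CONFIGURED_PEERS = {
    ip_address("192.0.2.2"): {("tcp", 179)},     # BGP neighbour A
    ip_address("198.51.100.2"): {("tcp", 179)},  # BGP neighbour B
}

def classify(pkt: Packet) -> str:
    """Return 'forward', 'accept' or 'drop' for a single packet."""
    if ip_address(pkt.dst) not in LOCAL_ADDRESSES:
        return "forward"  # transit traffic, not addressed to the router
    allowed = CONFIGURED_PEERS.get(ip_address(pkt.src), set())
    # Either side may open the BGP session, so the service port can be
    # the destination port (peer connected to us) or the source port
    # (return traffic for a session this router opened).
    if (pkt.proto, pkt.dport) in allowed or (pkt.proto, pkt.sport) in allowed:
        return "accept"
    return "drop"  # default: inert to everything else addressed to us

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("192.0.2.2", "192.0.2.1", "tcp", 40000, 179),
        Packet("192.0.2.2", "192.0.2.1", "tcp", 179, 40000),
        Packet("203.0.113.9", "192.0.2.1", "tcp", 40000, 179),
        Packet("192.0.2.2", "192.0.2.1", "tcp", 40000, 23),
        Packet("203.0.113.9", "203.0.113.50", "tcp", 40000, 80),
    ]
    for p in samples:
        print(f"{p.src:>14} -> {p.dst:<14} {p.proto}/{p.dport:<5} {classify(p)}")
```

A source-address match like this narrows who can reach the control plane but does not authenticate the sender, so it complements rather than replaces per-session authentication and anti-spoofing filters at the edge.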