Routing Protocol Security

Hank Nussbacher hank at att.net.il
Wed Aug 14 04:19:03 UTC 2002


At 07:43 PM 13-08-02 -0400, batz wrote:

>On Mon, 12 Aug 2002 dylan at juniper.net wrote:
>
>:Of the problems folks have run into, are they more often the result of a
>:legitimate speaker being compromised & playing with advertisements
>:somehow (and getting through filters that may or may not be present), or
>:from devices actually spoofing their way into the IGP/EGP?  Are there
>:any specific attacks anyone is aware of & can share?
>
>My first pointer would be to the Phrack article Things to do in
>Ciscoland when you are Dead. While this is not routing protocol
>specific, it's more about fun that can be had with tunneling
>traffic from a compromised network.

Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html

Also note that keepalives and routing updates are process switched (for 
Ciscos).  Think about it.


>The short term solution would be routers that denied all layer-3
>traffic destined to it by default, (passing it to elsewhere) and
>only accepted traffic from specifically configured peers. (Type
>Enforcement(tm) on interfaces anyone?)

Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf

-Hank

>
>
>Routers should be shipped in a state that is functionally inert to
>packets on layer 3.
>
>Alas..
>
>--
>batz
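
The default-deny idea quoted above (drop everything addressed to the router itself unless it comes from a specifically configured peer, and pass transit traffic on) can be modelled as follows. This is an added illustration, not part of either poster's message; the addresses, the peer table and the names classify and verdicts are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# Constructed sample values (documentation ranges); none come from the thread.
LOCAL_DSTS = {ip_address("192.0.2.1"),   # router interface address
              ip_address("224.0.0.5")}   # OSPF AllSPFRouters group
# Configured peers: (source address, IP protocol, service port or None)
PEERS = {(ip_address("192.0.2.2"), "tcp", 179),    # BGP neighbour
         (ip_address("192.0.2.3"), "ospf", None)}  # OSPF neighbour

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: Optional[int] = None
    dport: Optional[int] = None

def classify(pkt: Packet) -> str:
    """Return 'forward', 'accept' or 'drop' for one packet."""
    if ip_address(pkt.dst) not in LOCAL_DSTS:
        return "forward"  # transit traffic is passed on, never handed to the router itself
    src = ip_address(pkt.src)
    for peer, proto, port in PEERS:
        if src != peer or pkt.proto != proto:
            continue
        # A BGP session may have been opened by either side, so the
        # service port can appear as source or destination port.
        if port is None or port in (pkt.sport, pkt.dport):
            return "accept"
    return "drop"  # default: inert to anything not explicitly configured

# Constructed sample traffic.
SAMPLE = [
    Packet("192.0.2.2", "192.0.2.1", "tcp", 40000, 179),    # peer -> BGP
    Packet("192.0.2.2", "192.0.2.1", "tcp", 179, 40001),    # reply on router-opened session
    Packet("192.0.2.3", "224.0.0.5", "ospf"),               # OSPF hello from neighbour
    Packet("203.0.113.9", "192.0.2.1", "tcp", 40002, 179),  # unconfigured source
    Packet("192.0.2.2", "192.0.2.1", "tcp", 40003, 23),     # peer, but not a routing service
    Packet("203.0.113.9", "198.51.100.7", "udp", 53, 53),   # transit
]

def verdicts(packets=SAMPLE):
    return [classify(p) for p in packets]

if __name__ == "__main__":
    for p, v in zip(SAMPLE, verdicts()):
        print(f"{v:8} {p}")
```

Matching on source address narrows what reaches the router but does not authenticate the sender, so a filter like this still depends on anti-spoofing at the edge and on protocol-level authentication between peers.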



