North American Network Operators Group


Re: Routing Protocol Security

  • From: Hank Nussbacher
  • Date: Wed Aug 14 00:22:29 2002

At 07:43 PM 13-08-02 -0400, batz wrote:

On Mon, 12 Aug 2002 [email protected] wrote:

:Of the problems folks have run into, are they more often the result of a
:legitimate speaker being compromised & playing with advertisements
:somehow (and getting through filters that may or may not be present), or
:from devices actually spoofing their way into the IGP/EGP?  Are there
:any specific attacks anyone is aware of & can share?

My first pointer would be to the Phrack article Things to do in
Ciscoland when you are Dead. While this is not routing protocol
specific, it's more about fun that can be had with tunneling
traffic from a compromised network.

Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html

Also note that keepalives and routing updates are process switched (for Ciscos). Think about it.


The short term solution would be routers that denied all layer-3
traffic destined to it by default, (passing it to elsewhere) and
only accepted traffic from specifically configured peers. (Type
Enforcement(tm) on interfaces anyone?)

Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf

-Hank

Routers should be shipped in a state that is functionally inert to
packets on layer 3.

Alas..

--
batz