North American Network Operators Group
Re: Routing Protocol Security
- From: Hank Nussbacher
- Date: Wed Aug 14 00:22:29 2002
At 07:43 PM 13-08-02 -0400, batz wrote:
> On Mon, 12 Aug 2002 dylan@juniper.net wrote:
> :Of the problems folks have run into, are they more often the result of a
> :legitimate speaker being compromised & playing with advertisements
> :somehow (and getting through filters that may or may not be present), or
> :from devices actually spoofing their way into the IGP/EGP? Are there
> :any specific attacks anyone is aware of & can share?
> My first pointer would be to the Phrack article Things to do in
> Ciscoland when you are Dead. While this is not routing protocol
> specific, it's more about fun that can be had with tunneling
> traffic from a compromised network.
Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html
> Also note that keepalives and routing updates are process switched (for
> Ciscos). Think about it.
> The short term solution would be routers that denied all layer-3
> traffic destined to it by default, (passing it to elsewhere) and
> only accepted traffic from specifically configured peers. (Type
> Enforcement(tm) on interfaces anyone?)
Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf
-Hank
> Routers should be shipped in a state that is functionally inert to
> packets on layer 3.
> Alas..
> --
> batz
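The "deny all layer-3 traffic destined to the router by default, accept only configured peers" idea from the thread, written out as a Cisco IOS control-plane policing (CoPP) configuration. This is an added example, not text from the thread or from any of the posters; the peer and management addresses are documentation-range placeholders (192.0.2.0/24, 198.51.100.0/24) and the police rates are illustrative assumptions, so substitute your own before use.

```cisco
! --- Added example: CoPP that admits routing traffic only from configured peers ---
! Addresses below are documentation-range placeholders, not real peers.
!
! BGP session with one configured neighbour (both directions of TCP/179)
! and OSPF (IP protocol 89) only from the directly connected link subnet.
ip access-list extended ACL-COPP-ROUTING
 permit tcp host 192.0.2.1 host 192.0.2.2 eq bgp
 permit tcp host 192.0.2.1 eq bgp host 192.0.2.2
 permit ospf 192.0.2.0 0.0.0.255 any
!
! Management (SSH) only from the NOC range.
ip access-list extended ACL-COPP-MGMT
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
!
class-map match-all CM-COPP-ROUTING
 match access-group name ACL-COPP-ROUTING
class-map match-all CM-COPP-MGMT
 match access-group name ACL-COPP-MGMT
!
! Rates are illustrative. Routing peers are never dropped (keepalives and
! updates are process switched, so starving them drops adjacencies);
! management is rate-limited; everything else hitting the control plane,
! including routing protocol packets from unconfigured sources, lands in
! class-default and is policed hard.
policy-map PM-COPP
 class CM-COPP-ROUTING
  police 512000 conform-action transmit exceed-action transmit
 class CM-COPP-MGMT
  police 128000 conform-action transmit exceed-action drop
 class class-default
  police 32000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input PM-COPP
```

After applying it, `show policy-map control-plane` shows per-class conform and exceed counters; a rising exceed count in class-default is the signal that something other than the configured peers is talking to the router's process path. Note that CoPP only protects what reaches the CPU: it does not replace filtering at the interface and does not authenticate the peers it admits, so spoofed packets from an allowed source address still pass.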