Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Routing Protocol Security

  • From: Hank Nussbacher
  • Date: Wed Aug 14 00:22:29 2002

At 07:43 PM 13-08-02 -0400, batz wrote:

On Mon, 12 Aug 2002 dylan@juniper.net wrote:

:Of the problems folks have run into, are they more often the result of a
:legitimate speaker being compromised & playing with advertisements
:somehow (and getting through filters that may or may not be present), or
:from devices actually spoofing their way into the IGP/EGP?  Are there
:any specific attacks anyone is aware of & can share?

My first pointer would be to the Phrack article Things to do in
Ciscoland when you are Dead. While this is not routing protocol
specific, it's more about fun that can be had with tunneling
traffic from a compromised network.
Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html

Also note that keepalives and routing updates are process switched (for Ciscos). Think about it.


The short term solution would be routers that denied all layer-3
traffic destined to it by default, (passing it to elsewhere)and
only accepted traffic from specifically configured peers. (Type
Enforcement(tm) on interfaces anyone?)
Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf

-Hank


Routers should be shipped in a state that is functionally inert to
packets on layer 3.

Alas..

--
batz




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.