Penetration Testing mailing list archives
[PEN-TEST] Route Poisoning
From: Shrikanth Shetty <shrikanths () HCLCOMNET CO IN>
Date: Wed, 7 Mar 2001 11:06:58 +0530
Hello, I was thinking about how a hacker can utilise spoofed route update packets to compromise a router network. I would like the list readers to tell me if the logic I have used is right or wrong. Ok here I go :) I was wondering whether it was possible for someone to spoof routing update tables being exchanged by routers to keep their routing tables current. As far as I know the routing table updates are multicast packets which can be sent to the Ethernet port of the router. In a scenario where someone has access to the traffic using a Ethernet sniffer on a hub LAN, I think it would be possible for someone to capture the update packets. This would first of all give the intruder knowledge about the network and also ip spoofing can be used to generate fake update packets. By sending a wrong update the intruder can direct traffic through the network through whatever route he /she desires. In RIP there is no authentication done to check the source of the packet.In OSPF a MD5 checksum of a password provided is used to check the authenticity of the update. ( I am not 100% sure on this part,please correct me if I am wrong here.)However i have been informed that normally nobody bothers with this password!! Now coming to the point which i am interested in, first of all is this all possible ??? or am I missing out on some very basic stuff!!! . second if possible can someone direct me to a site which has more info on this or may be share whatever he/she knows about all this. thanks shetty
Current thread:
- [PEN-TEST] Route Poisoning Shrikanth Shetty (Mar 07)
- Re: [PEN-TEST] Route Poisoning Enno Rey (Mar 07)
- Re: [PEN-TEST] Route Poisoning Curt Wilson - Netw3 Consulting (Mar 08)
- Re: [PEN-TEST] Route Poisoning Dario Ciccarone (Mar 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Route Poisoning J C (Mar 10)