Security Basics mailing list archives

Re: getting routes from internet facing routers

From: martin <martiniscool () gmail com>
Date: Tue, 21 Jul 2009 08:17:38 +0100

Thanks for the reply Chris.  Having re-read my original e-mail I see I
woreded it really badly :-(  The part from my original mail I'm
actually interested in is this line:

I've also heard that it's possible to get routes from a router/firewall facing the public domain without having to 
login to it


In other words, that potential hackers can start to build a diagram of
my network by sending crafted packets to my internet facing router and
seeing what private IP routes (ie 10.0.0.0, 192.168 etc etc) routes
lie inside.

I've googled this and found nothing.  Do you (or anybody else) have
any ideas how to get these routes out when you don't have access to
the router ?  Is it by using ICMP ?

Also, is it possible to "extract" routes from an internet facing
router regardless of what routing protocol it's running, or even if
it's running just static routing ?

Hope I've explained myself better this time ?

M

2009/7/21 Chris <cweindel () gmail com>:

If you're routing with BGP, you can filter it by blocking port 179.  all
ICMP does it block those types of packets - it won't help you block
advertised routes.

of course, the ultimate externally facing router is in front of a firewall /
in a DMZ...

C


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

getting routes from internet facing routers martin (Jul 20)
- Message not available
  - Re: getting routes from internet facing routers martin (Jul 21)
    - Re: getting routes from internet facing routers Shreyas Zare (Jul 21)
    - Re: getting routes from internet facing routers martin (Jul 22)
    - Re: getting routes from internet facing routers Jeffrey Walton (Jul 22)
    - Re: getting routes from internet facing routers Shreyas Zare (Jul 22)
- Re: getting routes from internet facing routers aditya mukadam (Jul 22)
  - Message not available
    - Message not available
    - Message not available
    - getting routes from internet facing routers martin (Jul 27)
- <Possible follow-ups>
- Re: Re: getting routes from internet facing routers stcroix111 (Jul 27)