Bugtraq mailing list archives

Re: Cisco HSRP Weakness/DoS


From: bashis <bash () NS WCD SE>
Date: Sat, 5 May 2001 18:12:16 +0200

Hi

b) what worries me about this method is that it is close to ideal for
  a man in the middle attack (take over default gw, rewrite source
  address to my own address, rewrite anything else in the packet, send
  to the real router).

It's really old news, this was already known in '98 when they wrote
RFC 2281 ( http://www.faqs.org/rfcs/rfc2281.html )
but nobody has talked about it in public,
except Cisco who is saying how good it is, to get a fault tolerant network..

Well, I'm not surprised that there are lots of ppl who don't know this,
so that's why I posted it to bugtraq, to make ppl aware of it..

Regards,
bashis


--
\0x62\0x61\0x73\0x68\0x69\0x73

