nanog mailing list archives
Re: Routing Protocol Security
From: Hank Nussbacher <hank () att net il>
Date: Wed, 14 Aug 2002 07:19:03 +0300
At 07:43 PM 13-08-02 -0400, batz wrote:
On Mon, 12 Aug 2002 dylan () juniper net wrote: :Of the problems folks have run into, are they more often the result of a :legitimate speaker being compromised & playing with advertisements :somehow (and getting through filters that may or may not be present), or :from devices actually spoofing their way into the IGP/EGP? Are there :any specific attacks anyone is aware of & can share? My first pointer would be to the Phrack article Things to do in Ciscoland when you are Dead. While this is not routing protocol specific, it's more about fun that can be had with tunneling traffic from a compromised network.
Better yet: http://www.phenoelit.de/vippr/index.html http://www.phenoelit.de/irpas/index.htmlAlso note that keepalives and routing updates are process switched (for Ciscos). Think about it.
The short term solution would be routers that denied all layer-3 traffic destined to it by default, (passing it to elsewhere)and only accepted traffic from specifically configured peers. (Type Enforcement(tm) on interfaces anyone?)
Don't forget layer-2 as well (from Networkers 2002): http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf -Hank
Routers should be shipped in a state that is functionally inert to packets on layer 3. Alas.. -- batz
Current thread:
- Routing Protocol Security Jeff Doyle (Aug 13)
- Re: Routing Protocol Security senthil ayyasamy (Aug 13)
- Re: Routing Protocol Security dylan (Aug 13)
- Re: Routing Protocol Security batz (Aug 13)
- Re: Routing Protocol Security Hank Nussbacher (Aug 13)
- Re: Routing Protocol Security dylan (Aug 13)
- Re: Routing Protocol Security senthil ayyasamy (Aug 13)
- Best Current Practices for Routing Protocol Security Sean Donelan (Aug 14)
- Re: Best Current Practices for Routing Protocol Security John Kristoff (Aug 14)
- Re: Best Current Practices for Routing Protocol Security dylan (Aug 14)
- Re: Best Current Practices for Routing Protocol Security Stephen J. Wilcox (Aug 14)
- Re: Best Current Practices for Routing Protocol Security John Kristoff (Aug 14)
- <Possible follow-ups>
- Re: Routing Protocol Security Danny McPherson (Aug 13)