[PEN-TEST] RIP & OSPF testing

[Curt Wilson <netw3 () NETW3 COM>]

I'm wondering if anyone has any experience in RIP or 
OSPF attacks, spoofing or otherwise. If a client would 
like you to audit their network including routers and 
network infrastructure, some of the packet crafting 
tools like nemesis (nemesis-rip and nemesis-ospf) 
could be used for auditing, but I'm uncertain as to the 
exact syntax that would be necessary, especially 
when it comes to the OSPF packets and nemesis-
ospf.

If there are other tools for these types of tests I'd love 
to learn more about them, also any procedures you 
may have developed for auditing of these network 
infrastructure protocols. I'm looking for information 
that goes beyond the usual router exploits such as 
weak SNMP community names, bad choices for 
enable password, bad or no egress/ingress filtering, 
etc. I really want to dig into the protocol level.

Thanks,
Curt Wilson
www.netw3.com