SlideShare a Scribd company logo

Router and Routing Protocol Attacks

Download as PPT, PDF
Conferencias FIST
Conferencias FIST
Technology
1 of 27
Router and Routing Protocol Attacks Balwant Rathore, CISSP 02/17/13 Mahindra British Telecom Ltd. 1
Agenda  Overview of Routing Protocols  Router Security Common Issues  Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) AttackS  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) AttackS 02/17/13 Mahindra British Telecom Ltd. 2
Introduction  What are routing Protocols  Protocols that are used by routers  To communicate with each other  To determine appropriate path over which data can be transmitted  To make dynamic adjustment to its conditions  Many improvements on host security  Core technology still uses unauthenticated services 02/17/13 Mahindra British Telecom Ltd. 3
Router security common issues  Missconfigurations  IP Packet Handling bugs  SNMP community string  Weak password or weak password encryption  DoS because to malformed packets  Above mentioned attacks are commonly known  If attacked with routing protocol impact is very high  Any NIDS can detect most of them 02/17/13 Mahindra British Telecom Ltd. 4
Safeguard  Up to date patching  Strong SNMP communitystring  Strong encryption  Proper ingress/egress implementation  Proper management implementation  Encrypted Sessions  Strong Passwords  Run on Non standard ports  Route Filtering 02/17/13 Mahindra British Telecom Ltd. 5
Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) Attack  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) Attacks 02/17/13 Mahindra British Telecom Ltd. 6
Cisco Discovery Protocol (CDP) overview  Layer 2 Protocol  Used to find out Cisco routers  Protocol is not routed  Sent periodically to multicast address [01:00:0C:CC:CC:CC]  So limited only for local segment  The default period is 60 second  Implemented in every Cisco device 02/17/13 Mahindra British Telecom Ltd. 7
Cisco Discovery Protocol (CDP) overview  Contain information about sending router/s  Host Name  Connected Port  Running Platform  Version  show cdp neighbors [type number] [detail] 02/17/13 Mahindra British Telecom Ltd. 8
Cisco Discovery Protocol (CDP) Attack  Phenoelit IRPAS  Download from http://www. phenoelit.de/irpas/download.html  This suit contains interesting tools cdp, igrp, irdp, irdpresponder, ass, hsrp 02/17/13 Mahindra British Telecom Ltd. 9
Cisco Discovery Protocol (CDP) Attack  IRPAS CDP  Operates in two modes: Flood and Spoof  Flood mode  Send garbase cdp messages  IOS 11.1.(1) was rebooted after sending long device ID  Later version store the messages and fill the memory  While debugging these message most IOS will reboot 02/17/13 Mahindra British Telecom Ltd. 10
Cisco Discovery Protocol (CDP) Attack  Smart way to perform this attack  Run two processes of IRPAS CDP  Send 1480 kb message to fill up the major part of memory  Send another message to fill length of 10 octet  Spoof mode  Targeted for social engineering or to confuse administrator  You can give proof of concept  02/17/13 Mahindra British Telecom Ltd. 11
Safeguards  Disable CDP if not required  no cdp run: disables CDP globally  no cdp enable: disables CDP on an interface (interface command)  Highly recommended to disable at Border Routers/Switches etc… 02/17/13 Mahindra British Telecom Ltd. 12
Autonomous System Scanning  Used to find AS of routers  IRPAS’s ASS supports IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF  Operates in Active and Passive mode  Passive mode: Listens to routing protocol packets  Active mode: Discover routers asking for information  You can scan range of AS$  Spoofed IP can be used 02/17/13 Mahindra British Telecom Ltd. 13
Routing Information Protocol (RIP v1) Overview  Routing Decisions are based on number of hops  Works only within a AS  Supports only 15 hops  Not good for large networks  RIP v1 communicates only it’s own information  RIP v1 has no authentication.  Can’t carry subnet mask so applies default subnet mask. 02/17/13 Mahindra British Telecom Ltd. 14
Routing Information Protocol (RIP v2) Overview  It can communicate other router information  RIP v2 supports authentication upto 16 char password  It can carry subnet information.  Doors are open to attackers by providing authentication in clear text. 02/17/13 Mahindra British Telecom Ltd. 15
Routing Information Protocol (RIP) Attack  Identify RIP Router by performing a Scan nmap –v –sU –p 520  Determine Routing Table  If you are on same physical segment, sniff it  If remote: rprobe + sniff  Add a route using srip to redirect traffic to your system  Now you knows where to send it.  02/17/13 Mahindra British Telecom Ltd. 16
Safeguards  Disable RIP use OSPF, security is always better  Restrict TCP/UDP 520 packets at border router 02/17/13 Mahindra British Telecom Ltd. 17
Open Shortest Path First (OSPF) Attack  OSPF is a Dynamic Link State Routing Protocol  Keeps map of entire network and choose shortest path  Update neighbors using LSAs messages  Hello packets are generated every 10 second and sent to 224.0.0.5  Uses protocol type 89 02/17/13 Mahindra British Telecom Ltd. 18
Open Shortest Path First (OSPF) Attack  Identify target: scan for proto 89  JiNao team has identified four ospf attacks http://152.45.4.41/projects/JiNao/JiN ao.html  Max Age attack  Sequence++ attack  Max Sequence attack  Bogus LSA attack 02/17/13 Mahindra British Telecom Ltd. 19
Open Shortest Path First (OSPF) Attack  nemiss-ospf can be used to perform ospf attacks  Tuff to use coz of the complexity OSPF  Good for skilled N/W admin  Some time doesn’t work properly 02/17/13 Mahindra British Telecom Ltd. 20
Safeguards  Do not use Dynamic Routing on hosts wherever not required  Implement MD5 authentication  You need to deal with key expiration, changeover and coordination across routers 02/17/13 Mahindra British Telecom Ltd. 21
Border Gateway Protocol (BGP) overview  Allows interdomain routing between two ASs  Guarantees the loop-free exchange  Only routing protocol which works on TCP (179)  Routing information is exchanged after connection establishment. 02/17/13 Mahindra British Telecom Ltd. 22
Border Gateway Protocol (BGP) Attacks  Large network backbone gives special attention on it’s security  Medium size networks are easier target  Packet Injection Vulnerabilities are specially dangerous coz flapping penalties 02/17/13 Mahindra British Telecom Ltd. 23
Border Gateway Protocol (BGP) Attacks  Identify BGP Router  It has many problem same as TCP  SYN Flood  Sequence number prediction  DOS  Possible advertisement of bad routes 02/17/13 Mahindra British Telecom Ltd. 24
References  Router Exploits www.antionline.com http://anticode.antionline.com/download.ph p?dcategory=router-exploits&sortby=  http://www.packetninja.net/.  http://www.phenoelit.de/irpas/  RIP Spoofing http://www.technotronic.com/horizon/ripa r.txt. 02/17/13 Mahindra British Telecom Ltd. 25
Questions ? 02/17/13 Mahindra British Telecom Ltd. 26
Thank you for you time ! 02/17/13 Mahindra British Telecom Ltd. 27

Recommended

CCNA PPT
CCNA PPTCCNA PPT
CCNA PPTReetesh Gupta
 
Acl cisco
Acl ciscoAcl cisco
Acl ciscoTapan Khilar
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)RaghulR21
 
Vlan
Vlan Vlan
Vlan sanss40
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 
MPLS
MPLSMPLS
MPLSElyes Naouar
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 

Recommended

CCNA PPT
CCNA PPTCCNA PPT
CCNA PPTReetesh Gupta
 
Acl cisco
Acl ciscoAcl cisco
Acl ciscoTapan Khilar
 
Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Overview of Spanning Tree Protocol (STP & RSTP)
Overview of Spanning Tree Protocol (STP & RSTP)Peter R. Egli
 
Spanning tree protocol (stp)
Spanning tree protocol (stp)Spanning tree protocol (stp)
Spanning tree protocol (stp)RaghulR21
 
Vlan
Vlan Vlan
Vlan sanss40
 
Access Control List & its Types
Access Control List & its TypesAccess Control List & its Types
Access Control List & its TypesNetwax Lab
 
MPLS
MPLSMPLS
MPLSElyes Naouar
 
Cisco ACL
Cisco ACLCisco ACL
Cisco ACLfaust0
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)NetProtocol Xpert
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS PresentationUnni Kannan VijayaKumar
 
CCNA
CCNACCNA
CCNAAbhishek Parihari
 
Ccna ppt1
Ccna ppt1Ccna ppt1
Ccna ppt1AIRTEL
 
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...Tarun Khaneja
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationDsunte Wilson
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 
STP Protection
STP ProtectionSTP Protection
STP ProtectionNetwax Lab
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking pptEr. Anmol Bhagat
 
EtherChannel Configuration
EtherChannel ConfigurationEtherChannel Configuration
EtherChannel ConfigurationNetProtocol Xpert
 
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)NetProtocol Xpert
 
Routers and Routing Configuration
Routers and Routing ConfigurationRouters and Routing Configuration
Routers and Routing Configurationyasir1122
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2Nil Menon
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notesKrunal Shah
 
Gateway load balancing protocol
Gateway load balancing protocolGateway load balancing protocol
Gateway load balancing protocolWahyu Nasution
 
Stream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - IntroductionStream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - IntroductionLaili Aidi
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsUday Bhatia
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 

More Related Content

What's hot

IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)NetProtocol Xpert
 
Ccna ppt1
Ccna ppt1Ccna ppt1
Ccna ppt1AIRTEL
 
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...Tarun Khaneja
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationDsunte Wilson
 
STP Protection
STP ProtectionSTP Protection
STP ProtectionNetwax Lab
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)ISMT College
 
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)NetProtocol Xpert
 
Routers and Routing Configuration
Routers and Routing ConfigurationRouters and Routing Configuration
Routers and Routing Configurationyasir1122
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2Nil Menon
 
Gateway load balancing protocol
Gateway load balancing protocolGateway load balancing protocol
Gateway load balancing protocolWahyu Nasution
 
Stream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - IntroductionStream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - IntroductionLaili Aidi
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsUday Bhatia
 

What's hot (20)

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
CCNA
CCNACCNA
CCNA
 
Ccna ppt1
Ccna ppt1Ccna ppt1
Ccna ppt1
 
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
ccna summer training ppt ( Cisco certified network analysis) ppt. by Traun k...
 
CCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch ConfigurationCCNA Basic Switching and Switch Configuration
CCNA Basic Switching and Switch Configuration
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentals
 
STP Protection
STP ProtectionSTP Protection
STP Protection
 
Access Control List (ACL)
Access Control List (ACL)Access Control List (ACL)
Access Control List (ACL)
 
ccna networking ppt
ccna networking pptccna networking ppt
ccna networking ppt
 
EtherChannel Configuration
EtherChannel ConfigurationEtherChannel Configuration
EtherChannel Configuration
 
EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)EIGRP (Enhanced Interior Gateway Routing Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
 
Routers and Routing Configuration
Routers and Routing ConfigurationRouters and Routing Configuration
Routers and Routing Configuration
 
CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2CCNA 2 Routing and Switching v5.0 Chapter 2
CCNA 2 Routing and Switching v5.0 Chapter 2
 
Fhrp notes
Fhrp notesFhrp notes
Fhrp notes
 
Gateway load balancing protocol
Gateway load balancing protocolGateway load balancing protocol
Gateway load balancing protocol
 
Stream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - IntroductionStream Control Transmission Protocol (SCTP) - Introduction
Stream Control Transmission Protocol (SCTP) - Introduction
 
How Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptionsHow Secure are IPsec and SSL VPN encryptions
How Secure are IPsec and SSL VPN encryptions
 

Similar to Router and Routing Protocol Attacks

Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service providerThomas Mangin
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information ProtocolKashif Latif
 
All about routers
All about routersAll about routers
All about routersagwanna
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questionsSrikanth
 
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MIPI Alliance
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaWardner Maia
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetDavid Sweigert
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 

Similar to Router and Routing Protocol Attacks (20)

Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security Testing
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocols
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service provider
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information Protocol
 
Advanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast DeploymentAdvanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast Deployment
 
All about routers
All about routersAll about routers
All about routers
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questions
 
Overlay networks
Overlay networksOverlay networks
Overlay networks
 
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
 
3.Network
3.Network3.Network
3.Network
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 
CCNA Icnd110 s05l05
CCNA Icnd110 s05l05CCNA Icnd110 s05l05
CCNA Icnd110 s05l05
 
D017131318
D017131318D017131318
D017131318
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheet
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 

More from Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

More from Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Router and Routing Protocol Attacks

  • 1. Router and Routing Protocol Attacks Balwant Rathore, CISSP 02/17/13 Mahindra British Telecom Ltd. 1
  • 2. Agenda  Overview of Routing Protocols  Router Security Common Issues  Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) AttackS  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) AttackS 02/17/13 Mahindra British Telecom Ltd. 2
  • 3. Introduction  What are routing Protocols  Protocols that are used by routers  To communicate with each other  To determine appropriate path over which data can be transmitted  To make dynamic adjustment to its conditions  Many improvements on host security  Core technology still uses unauthenticated services 02/17/13 Mahindra British Telecom Ltd. 3
  • 4. Router security common issues  Missconfigurations  IP Packet Handling bugs  SNMP community string  Weak password or weak password encryption  DoS because to malformed packets  Above mentioned attacks are commonly known  If attacked with routing protocol impact is very high  Any NIDS can detect most of them 02/17/13 Mahindra British Telecom Ltd. 4
  • 5. Safeguard  Up to date patching  Strong SNMP communitystring  Strong encryption  Proper ingress/egress implementation  Proper management implementation  Encrypted Sessions  Strong Passwords  Run on Non standard ports  Route Filtering 02/17/13 Mahindra British Telecom Ltd. 5
  • 6. Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) Attack  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) Attacks 02/17/13 Mahindra British Telecom Ltd. 6
  • 7. Cisco Discovery Protocol (CDP) overview  Layer 2 Protocol  Used to find out Cisco routers  Protocol is not routed  Sent periodically to multicast address [01:00:0C:CC:CC:CC]  So limited only for local segment  The default period is 60 second  Implemented in every Cisco device 02/17/13 Mahindra British Telecom Ltd. 7
  • 8. Cisco Discovery Protocol (CDP) overview  Contain information about sending router/s  Host Name  Connected Port  Running Platform  Version  show cdp neighbors [type number] [detail] 02/17/13 Mahindra British Telecom Ltd. 8
  • 9. Cisco Discovery Protocol (CDP) Attack  Phenoelit IRPAS  Download from http://www. phenoelit.de/irpas/download.html  This suit contains interesting tools cdp, igrp, irdp, irdpresponder, ass, hsrp 02/17/13 Mahindra British Telecom Ltd. 9
  • 10. Cisco Discovery Protocol (CDP) Attack  IRPAS CDP  Operates in two modes: Flood and Spoof  Flood mode  Send garbase cdp messages  IOS 11.1.(1) was rebooted after sending long device ID  Later version store the messages and fill the memory  While debugging these message most IOS will reboot 02/17/13 Mahindra British Telecom Ltd. 10
  • 11. Cisco Discovery Protocol (CDP) Attack  Smart way to perform this attack  Run two processes of IRPAS CDP  Send 1480 kb message to fill up the major part of memory  Send another message to fill length of 10 octet  Spoof mode  Targeted for social engineering or to confuse administrator  You can give proof of concept  02/17/13 Mahindra British Telecom Ltd. 11
  • 12. Safeguards  Disable CDP if not required  no cdp run: disables CDP globally  no cdp enable: disables CDP on an interface (interface command)  Highly recommended to disable at Border Routers/Switches etc… 02/17/13 Mahindra British Telecom Ltd. 12
  • 13. Autonomous System Scanning  Used to find AS of routers  IRPAS’s ASS supports IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF  Operates in Active and Passive mode  Passive mode: Listens to routing protocol packets  Active mode: Discover routers asking for information  You can scan range of AS$  Spoofed IP can be used 02/17/13 Mahindra British Telecom Ltd. 13
  • 14. Routing Information Protocol (RIP v1) Overview  Routing Decisions are based on number of hops  Works only within a AS  Supports only 15 hops  Not good for large networks  RIP v1 communicates only it’s own information  RIP v1 has no authentication.  Can’t carry subnet mask so applies default subnet mask. 02/17/13 Mahindra British Telecom Ltd. 14
  • 15. Routing Information Protocol (RIP v2) Overview  It can communicate other router information  RIP v2 supports authentication upto 16 char password  It can carry subnet information.  Doors are open to attackers by providing authentication in clear text. 02/17/13 Mahindra British Telecom Ltd. 15
  • 16. Routing Information Protocol (RIP) Attack  Identify RIP Router by performing a Scan nmap –v –sU –p 520  Determine Routing Table  If you are on same physical segment, sniff it  If remote: rprobe + sniff  Add a route using srip to redirect traffic to your system  Now you knows where to send it.  02/17/13 Mahindra British Telecom Ltd. 16
  • 17. Safeguards  Disable RIP use OSPF, security is always better  Restrict TCP/UDP 520 packets at border router 02/17/13 Mahindra British Telecom Ltd. 17
  • 18. Open Shortest Path First (OSPF) Attack  OSPF is a Dynamic Link State Routing Protocol  Keeps map of entire network and choose shortest path  Update neighbors using LSAs messages  Hello packets are generated every 10 second and sent to 224.0.0.5  Uses protocol type 89 02/17/13 Mahindra British Telecom Ltd. 18
  • 19. Open Shortest Path First (OSPF) Attack  Identify target: scan for proto 89  JiNao team has identified four ospf attacks http://152.45.4.41/projects/JiNao/JiN ao.html  Max Age attack  Sequence++ attack  Max Sequence attack  Bogus LSA attack 02/17/13 Mahindra British Telecom Ltd. 19
  • 20. Open Shortest Path First (OSPF) Attack  nemiss-ospf can be used to perform ospf attacks  Tuff to use coz of the complexity OSPF  Good for skilled N/W admin  Some time doesn’t work properly 02/17/13 Mahindra British Telecom Ltd. 20
  • 21. Safeguards  Do not use Dynamic Routing on hosts wherever not required  Implement MD5 authentication  You need to deal with key expiration, changeover and coordination across routers 02/17/13 Mahindra British Telecom Ltd. 21
  • 22. Border Gateway Protocol (BGP) overview  Allows interdomain routing between two ASs  Guarantees the loop-free exchange  Only routing protocol which works on TCP (179)  Routing information is exchanged after connection establishment. 02/17/13 Mahindra British Telecom Ltd. 22
  • 23. Border Gateway Protocol (BGP) Attacks  Large network backbone gives special attention on it’s security  Medium size networks are easier target  Packet Injection Vulnerabilities are specially dangerous coz flapping penalties 02/17/13 Mahindra British Telecom Ltd. 23
  • 24. Border Gateway Protocol (BGP) Attacks  Identify BGP Router  It has many problem same as TCP  SYN Flood  Sequence number prediction  DOS  Possible advertisement of bad routes 02/17/13 Mahindra British Telecom Ltd. 24
  • 25. References  Router Exploits www.antionline.com http://anticode.antionline.com/download.ph p?dcategory=router-exploits&sortby=  http://www.packetninja.net/.  http://www.phenoelit.de/irpas/  RIP Spoofing http://www.technotronic.com/horizon/ripa r.txt. 02/17/13 Mahindra British Telecom Ltd. 25
  • 26. Questions ? 02/17/13 Mahindra British Telecom Ltd. 26
  • 27. Thank you for you time ! 02/17/13 Mahindra British Telecom Ltd. 27