SlideShare a Scribd company logo

Router and Routing Protocol Attacks

Download as PPT, PDF
Conferencias FIST
Conferencias FIST
Technology
1 of 27
Router and Routing Protocol Attacks Balwant Rathore, CISSP 02/17/13 Mahindra British Telecom Ltd. 1
Agenda  Overview of Routing Protocols  Router Security Common Issues  Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) AttackS  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) AttackS 02/17/13 Mahindra British Telecom Ltd. 2
Introduction  What are routing Protocols  Protocols that are used by routers  To communicate with each other  To determine appropriate path over which data can be transmitted  To make dynamic adjustment to its conditions  Many improvements on host security  Core technology still uses unauthenticated services 02/17/13 Mahindra British Telecom Ltd. 3
Router security common issues  Missconfigurations  IP Packet Handling bugs  SNMP community string  Weak password or weak password encryption  DoS because to malformed packets  Above mentioned attacks are commonly known  If attacked with routing protocol impact is very high  Any NIDS can detect most of them 02/17/13 Mahindra British Telecom Ltd. 4
Safeguard  Up to date patching  Strong SNMP communitystring  Strong encryption  Proper ingress/egress implementation  Proper management implementation  Encrypted Sessions  Strong Passwords  Run on Non standard ports  Route Filtering 02/17/13 Mahindra British Telecom Ltd. 5
Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) Attack  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) Attacks 02/17/13 Mahindra British Telecom Ltd. 6
Cisco Discovery Protocol (CDP) overview  Layer 2 Protocol  Used to find out Cisco routers  Protocol is not routed  Sent periodically to multicast address [01:00:0C:CC:CC:CC]  So limited only for local segment  The default period is 60 second  Implemented in every Cisco device 02/17/13 Mahindra British Telecom Ltd. 7
Cisco Discovery Protocol (CDP) overview  Contain information about sending router/s  Host Name  Connected Port  Running Platform  Version  show cdp neighbors [type number] [detail] 02/17/13 Mahindra British Telecom Ltd. 8
Cisco Discovery Protocol (CDP) Attack  Phenoelit IRPAS  Download from http://www. phenoelit.de/irpas/download.html  This suit contains interesting tools cdp, igrp, irdp, irdpresponder, ass, hsrp 02/17/13 Mahindra British Telecom Ltd. 9
Cisco Discovery Protocol (CDP) Attack  IRPAS CDP  Operates in two modes: Flood and Spoof  Flood mode  Send garbase cdp messages  IOS 11.1.(1) was rebooted after sending long device ID  Later version store the messages and fill the memory  While debugging these message most IOS will reboot 02/17/13 Mahindra British Telecom Ltd. 10
Cisco Discovery Protocol (CDP) Attack  Smart way to perform this attack  Run two processes of IRPAS CDP  Send 1480 kb message to fill up the major part of memory  Send another message to fill length of 10 octet  Spoof mode  Targeted for social engineering or to confuse administrator  You can give proof of concept  02/17/13 Mahindra British Telecom Ltd. 11
Safeguards  Disable CDP if not required  no cdp run: disables CDP globally  no cdp enable: disables CDP on an interface (interface command)  Highly recommended to disable at Border Routers/Switches etc… 02/17/13 Mahindra British Telecom Ltd. 12
Autonomous System Scanning  Used to find AS of routers  IRPAS’s ASS supports IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF  Operates in Active and Passive mode  Passive mode: Listens to routing protocol packets  Active mode: Discover routers asking for information  You can scan range of AS$  Spoofed IP can be used 02/17/13 Mahindra British Telecom Ltd. 13
Routing Information Protocol (RIP v1) Overview  Routing Decisions are based on number of hops  Works only within a AS  Supports only 15 hops  Not good for large networks  RIP v1 communicates only it’s own information  RIP v1 has no authentication.  Can’t carry subnet mask so applies default subnet mask. 02/17/13 Mahindra British Telecom Ltd. 14
Routing Information Protocol (RIP v2) Overview  It can communicate other router information  RIP v2 supports authentication upto 16 char password  It can carry subnet information.  Doors are open to attackers by providing authentication in clear text. 02/17/13 Mahindra British Telecom Ltd. 15
Routing Information Protocol (RIP) Attack  Identify RIP Router by performing a Scan nmap –v –sU –p 520  Determine Routing Table  If you are on same physical segment, sniff it  If remote: rprobe + sniff  Add a route using srip to redirect traffic to your system  Now you knows where to send it.  02/17/13 Mahindra British Telecom Ltd. 16
Safeguards  Disable RIP use OSPF, security is always better  Restrict TCP/UDP 520 packets at border router 02/17/13 Mahindra British Telecom Ltd. 17
Open Shortest Path First (OSPF) Attack  OSPF is a Dynamic Link State Routing Protocol  Keeps map of entire network and choose shortest path  Update neighbors using LSAs messages  Hello packets are generated every 10 second and sent to 224.0.0.5  Uses protocol type 89 02/17/13 Mahindra British Telecom Ltd. 18
Open Shortest Path First (OSPF) Attack  Identify target: scan for proto 89  JiNao team has identified four ospf attacks http://152.45.4.41/projects/JiNao/JiN ao.html  Max Age attack  Sequence++ attack  Max Sequence attack  Bogus LSA attack 02/17/13 Mahindra British Telecom Ltd. 19
Open Shortest Path First (OSPF) Attack  nemiss-ospf can be used to perform ospf attacks  Tuff to use coz of the complexity OSPF  Good for skilled N/W admin  Some time doesn’t work properly 02/17/13 Mahindra British Telecom Ltd. 20
Safeguards  Do not use Dynamic Routing on hosts wherever not required  Implement MD5 authentication  You need to deal with key expiration, changeover and coordination across routers 02/17/13 Mahindra British Telecom Ltd. 21
Border Gateway Protocol (BGP) overview  Allows interdomain routing between two ASs  Guarantees the loop-free exchange  Only routing protocol which works on TCP (179)  Routing information is exchanged after connection establishment. 02/17/13 Mahindra British Telecom Ltd. 22
Border Gateway Protocol (BGP) Attacks  Large network backbone gives special attention on it’s security  Medium size networks are easier target  Packet Injection Vulnerabilities are specially dangerous coz flapping penalties 02/17/13 Mahindra British Telecom Ltd. 23
Border Gateway Protocol (BGP) Attacks  Identify BGP Router  It has many problem same as TCP  SYN Flood  Sequence number prediction  DOS  Possible advertisement of bad routes 02/17/13 Mahindra British Telecom Ltd. 24
References  Router Exploits www.antionline.com http://anticode.antionline.com/download.ph p?dcategory=router-exploits&sortby=  http://www.packetninja.net/.  http://www.phenoelit.de/irpas/  RIP Spoofing http://www.technotronic.com/horizon/ripa r.txt. 02/17/13 Mahindra British Telecom Ltd. 25
Questions ? 02/17/13 Mahindra British Telecom Ltd. 26
Thank you for you time ! 02/17/13 Mahindra British Telecom Ltd. 27

Recommended

Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocolsBhagyashri Dhoke
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
IP Security
IP SecurityIP Security
IP SecurityDr.Florence Dayana
 
Ipv4 and Ipv6
Ipv4 and Ipv6Ipv4 and Ipv6
Ipv4 and Ipv6rahul kundu
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
wireless sensor network
wireless sensor networkwireless sensor network
wireless sensor networkDeepaDasarathan
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 
Rc4
Rc4Rc4
Rc4Amjad Rehman
 

Recommended

Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocolsBhagyashri Dhoke
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
IP Security
IP SecurityIP Security
IP SecurityDr.Florence Dayana
 
Ipv4 and Ipv6
Ipv4 and Ipv6Ipv4 and Ipv6
Ipv4 and Ipv6rahul kundu
 
Firewall
FirewallFirewall
FirewallSaurabh Chauhan
 
wireless sensor network
wireless sensor networkwireless sensor network
wireless sensor networkDeepaDasarathan
 
Security in mobile ad hoc networks
Security in mobile ad hoc networksSecurity in mobile ad hoc networks
Security in mobile ad hoc networksPiyush Mittal
 
Rc4
Rc4Rc4
Rc4Amjad Rehman
 
Routing protocols
Routing protocolsRouting protocols
Routing protocolsshravan kumar upadhayay
 
Ch03
Ch03Ch03
Ch03Joe Christensen
 
Subnetting
SubnettingSubnetting
SubnettingKishore Kumar
 
IPv4
IPv4IPv4
IPv4Dhiraj Mishra
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange ProtocolPrateek Singh Bapna
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its typesMohammed Maajidh
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
 
Ip address
Ip addressIp address
Ip addressAmandeep Kaur
 
Digital signature
Digital signatureDigital signature
Digital signatureHossain Md Shakhawat
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESSJothi Lakshmi
 
IP Address
IP AddressIP Address
IP AddressRahul P
 
IP Security
IP SecurityIP Security
IP SecurityAmbo University
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
Encapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityEncapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityKoushil Mankali
 
Nat presentation
Nat presentationNat presentation
Nat presentationhassoon3
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniquesuniversity of education,Lahore
 
ip security
ip securityip security
ip securityChirag Patel
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 

More Related Content

What's hot

CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureAdarsh Patel
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)Kalpesh Kalekar
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
IP Address
IP AddressIP Address
IP AddressRahul P
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
Encapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityEncapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityKoushil Mankali
 
Nat presentation
Nat presentationNat presentation
Nat presentationhassoon3
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 

What's hot (20)

Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
Ch03
Ch03Ch03
Ch03
 
Subnetting
SubnettingSubnetting
Subnetting
 
IPv4
IPv4IPv4
IPv4
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
CMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signatureCMACs and MACS based on block ciphers, Digital signature
CMACs and MACS based on block ciphers, Digital signature
 
Ip address
Ip addressIp address
Ip address
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Transport layer security (tls)
Transport layer security (tls)Transport layer security (tls)
Transport layer security (tls)
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
 
IP Address
IP AddressIP Address
IP Address
 
IP Security
IP SecurityIP Security
IP Security
 
Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
Encapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network SecurityEncapsulating security payload in Cryptography and Network Security
Encapsulating security payload in Cryptography and Network Security
 
Nat presentation
Nat presentationNat presentation
Nat presentation
 
Classical Encryption Techniques
Classical Encryption TechniquesClassical Encryption Techniques
Classical Encryption Techniques
 
ip security
ip securityip security
ip security
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 

Similar to Router and Routing Protocol Attacks

Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security TestingConferencias FIST
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocolsAbdessamad TEMMAR
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsDuane Bodle
 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service providerThomas Mangin
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information ProtocolKashif Latif
 
All about routers
All about routersAll about routers
All about routersagwanna
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questionsSrikanth
 
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MIPI Alliance
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaWardner Maia
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksIOSR Journals
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetDavid Sweigert
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDSMichael Boman
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 

Similar to Router and Routing Protocol Attacks (20)

Switch and Router Security Testing
Switch and Router Security TestingSwitch and Router Security Testing
Switch and Router Security Testing
 
Pentesting layer 2 protocols
Pentesting layer 2 protocolsPentesting layer 2 protocols
Pentesting layer 2 protocols
 
Secured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
 
Surviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview QuestionsSurviving The Stump The Chump Interview Questions
Surviving The Stump The Chump Interview Questions
 
The benefit of BGP for every service provider
The benefit of BGP for every service providerThe benefit of BGP for every service provider
The benefit of BGP for every service provider
 
Routing Information Protocol
Routing Information ProtocolRouting Information Protocol
Routing Information Protocol
 
Advanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast DeploymentAdvanced Topics in IP Multicast Deployment
Advanced Topics in IP Multicast Deployment
 
All about routers
All about routersAll about routers
All about routers
 
Some important networking questions
Some important networking questionsSome important networking questions
Some important networking questions
 
Overlay networks
Overlay networksOverlay networks
Overlay networks
 
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
MPI DevCon Hsinchu City 2017: MIPI I3C High Data Rate Modes: How to Speed up ...
 
ION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for youION Malta - Seeweb Why MANRS is good for you
ION Malta - Seeweb Why MANRS is good for you
 
3.Network
3.Network3.Network
3.Network
 
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner MaiaIpv6 Security with Mikrotik RouterOS by Wardner Maia
Ipv6 Security with Mikrotik RouterOS by Wardner Maia
 
CCNA Icnd110 s05l05
CCNA Icnd110 s05l05CCNA Icnd110 s05l05
CCNA Icnd110 s05l05
 
D017131318
D017131318D017131318
D017131318
 
Security Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration NetworksSecurity Issues in Next Generation IP and Migration Networks
Security Issues in Next Generation IP and Migration Networks
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheet
 
Introduction To NIDS
Introduction To NIDSIntroduction To NIDS
Introduction To NIDS
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 

More from Conferencias FIST

Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceConferencias FIST
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseConferencias FIST
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiConferencias FIST
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security ForumConferencias FIST
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes WirelessConferencias FIST
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la ConcienciaciónConferencias FIST
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloConferencias FIST
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseConferencias FIST
 

More from Conferencias FIST (20)

Seguridad en Open Solaris
Seguridad en Open SolarisSeguridad en Open Solaris
Seguridad en Open Solaris
 
Seguridad en Entornos Web Open Source
Seguridad en Entornos Web Open SourceSeguridad en Entornos Web Open Source
Seguridad en Entornos Web Open Source
 
Spanish Honeynet Project
Spanish Honeynet ProjectSpanish Honeynet Project
Spanish Honeynet Project
 
Seguridad en Windows Mobile
Seguridad en Windows MobileSeguridad en Windows Mobile
Seguridad en Windows Mobile
 
SAP Security
SAP SecuritySAP Security
SAP Security
 
Que es Seguridad
Que es SeguridadQue es Seguridad
Que es Seguridad
 
Network Access Protection
Network Access ProtectionNetwork Access Protection
Network Access Protection
 
Las Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática ForenseLas Evidencias Digitales en la Informática Forense
Las Evidencias Digitales en la Informática Forense
 
Evolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFiEvolución y situación actual de la seguridad en redes WiFi
Evolución y situación actual de la seguridad en redes WiFi
 
El Information Security Forum
El Information Security ForumEl Information Security Forum
El Information Security Forum
 
Criptografia Cuántica
Criptografia CuánticaCriptografia Cuántica
Criptografia Cuántica
 
Inseguridad en Redes Wireless
Inseguridad en Redes WirelessInseguridad en Redes Wireless
Inseguridad en Redes Wireless
 
Mas allá de la Concienciación
Mas allá de la ConcienciaciónMas allá de la Concienciación
Mas allá de la Concienciación
 
Security Metrics
Security MetricsSecurity Metrics
Security Metrics
 
PKI Interoperability
PKI InteroperabilityPKI Interoperability
PKI Interoperability
 
Wifislax 3.1
Wifislax 3.1Wifislax 3.1
Wifislax 3.1
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
Riesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el DesarrolloRiesgo y Vulnerabilidades en el Desarrollo
Riesgo y Vulnerabilidades en el Desarrollo
 
Demostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis ForenseDemostracion Hacking Honeypot y Análisis Forense
Demostracion Hacking Honeypot y Análisis Forense
 
Security Maturity Model
Security Maturity ModelSecurity Maturity Model
Security Maturity Model
 

Recently uploaded

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Router and Routing Protocol Attacks

  • 1. Router and Routing Protocol Attacks Balwant Rathore, CISSP 02/17/13 Mahindra British Telecom Ltd. 1
  • 2. Agenda  Overview of Routing Protocols  Router Security Common Issues  Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) AttackS  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) AttackS 02/17/13 Mahindra British Telecom Ltd. 2
  • 3. Introduction  What are routing Protocols  Protocols that are used by routers  To communicate with each other  To determine appropriate path over which data can be transmitted  To make dynamic adjustment to its conditions  Many improvements on host security  Core technology still uses unauthenticated services 02/17/13 Mahindra British Telecom Ltd. 3
  • 4. Router security common issues  Missconfigurations  IP Packet Handling bugs  SNMP community string  Weak password or weak password encryption  DoS because to malformed packets  Above mentioned attacks are commonly known  If attacked with routing protocol impact is very high  Any NIDS can detect most of them 02/17/13 Mahindra British Telecom Ltd. 4
  • 5. Safeguard  Up to date patching  Strong SNMP communitystring  Strong encryption  Proper ingress/egress implementation  Proper management implementation  Encrypted Sessions  Strong Passwords  Run on Non standard ports  Route Filtering 02/17/13 Mahindra British Telecom Ltd. 5
  • 6. Routing Protocol Attacks  Cisco Discovery Protocol (CDP) Attacks  Autonomous System Scanning  Routing Information Protocol (RIP) Attack  Open Shortest Path First (OSPF) Attacks  Border Gateway Protocol (BGP) Attacks 02/17/13 Mahindra British Telecom Ltd. 6
  • 7. Cisco Discovery Protocol (CDP) overview  Layer 2 Protocol  Used to find out Cisco routers  Protocol is not routed  Sent periodically to multicast address [01:00:0C:CC:CC:CC]  So limited only for local segment  The default period is 60 second  Implemented in every Cisco device 02/17/13 Mahindra British Telecom Ltd. 7
  • 8. Cisco Discovery Protocol (CDP) overview  Contain information about sending router/s  Host Name  Connected Port  Running Platform  Version  show cdp neighbors [type number] [detail] 02/17/13 Mahindra British Telecom Ltd. 8
  • 9. Cisco Discovery Protocol (CDP) Attack  Phenoelit IRPAS  Download from http://www. phenoelit.de/irpas/download.html  This suit contains interesting tools cdp, igrp, irdp, irdpresponder, ass, hsrp 02/17/13 Mahindra British Telecom Ltd. 9
  • 10. Cisco Discovery Protocol (CDP) Attack  IRPAS CDP  Operates in two modes: Flood and Spoof  Flood mode  Send garbase cdp messages  IOS 11.1.(1) was rebooted after sending long device ID  Later version store the messages and fill the memory  While debugging these message most IOS will reboot 02/17/13 Mahindra British Telecom Ltd. 10
  • 11. Cisco Discovery Protocol (CDP) Attack  Smart way to perform this attack  Run two processes of IRPAS CDP  Send 1480 kb message to fill up the major part of memory  Send another message to fill length of 10 octet  Spoof mode  Targeted for social engineering or to confuse administrator  You can give proof of concept  02/17/13 Mahindra British Telecom Ltd. 11
  • 12. Safeguards  Disable CDP if not required  no cdp run: disables CDP globally  no cdp enable: disables CDP on an interface (interface command)  Highly recommended to disable at Border Routers/Switches etc… 02/17/13 Mahindra British Telecom Ltd. 12
  • 13. Autonomous System Scanning  Used to find AS of routers  IRPAS’s ASS supports IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP and OSPF  Operates in Active and Passive mode  Passive mode: Listens to routing protocol packets  Active mode: Discover routers asking for information  You can scan range of AS$  Spoofed IP can be used 02/17/13 Mahindra British Telecom Ltd. 13
  • 14. Routing Information Protocol (RIP v1) Overview  Routing Decisions are based on number of hops  Works only within a AS  Supports only 15 hops  Not good for large networks  RIP v1 communicates only it’s own information  RIP v1 has no authentication.  Can’t carry subnet mask so applies default subnet mask. 02/17/13 Mahindra British Telecom Ltd. 14
  • 15. Routing Information Protocol (RIP v2) Overview  It can communicate other router information  RIP v2 supports authentication upto 16 char password  It can carry subnet information.  Doors are open to attackers by providing authentication in clear text. 02/17/13 Mahindra British Telecom Ltd. 15
  • 16. Routing Information Protocol (RIP) Attack  Identify RIP Router by performing a Scan nmap –v –sU –p 520  Determine Routing Table  If you are on same physical segment, sniff it  If remote: rprobe + sniff  Add a route using srip to redirect traffic to your system  Now you knows where to send it.  02/17/13 Mahindra British Telecom Ltd. 16
  • 17. Safeguards  Disable RIP use OSPF, security is always better  Restrict TCP/UDP 520 packets at border router 02/17/13 Mahindra British Telecom Ltd. 17
  • 18. Open Shortest Path First (OSPF) Attack  OSPF is a Dynamic Link State Routing Protocol  Keeps map of entire network and choose shortest path  Update neighbors using LSAs messages  Hello packets are generated every 10 second and sent to 224.0.0.5  Uses protocol type 89 02/17/13 Mahindra British Telecom Ltd. 18
  • 19. Open Shortest Path First (OSPF) Attack  Identify target: scan for proto 89  JiNao team has identified four ospf attacks http://152.45.4.41/projects/JiNao/JiN ao.html  Max Age attack  Sequence++ attack  Max Sequence attack  Bogus LSA attack 02/17/13 Mahindra British Telecom Ltd. 19
  • 20. Open Shortest Path First (OSPF) Attack  nemiss-ospf can be used to perform ospf attacks  Tuff to use coz of the complexity OSPF  Good for skilled N/W admin  Some time doesn’t work properly 02/17/13 Mahindra British Telecom Ltd. 20
  • 21. Safeguards  Do not use Dynamic Routing on hosts wherever not required  Implement MD5 authentication  You need to deal with key expiration, changeover and coordination across routers 02/17/13 Mahindra British Telecom Ltd. 21
  • 22. Border Gateway Protocol (BGP) overview  Allows interdomain routing between two ASs  Guarantees the loop-free exchange  Only routing protocol which works on TCP (179)  Routing information is exchanged after connection establishment. 02/17/13 Mahindra British Telecom Ltd. 22
  • 23. Border Gateway Protocol (BGP) Attacks  Large network backbone gives special attention on it’s security  Medium size networks are easier target  Packet Injection Vulnerabilities are specially dangerous coz flapping penalties 02/17/13 Mahindra British Telecom Ltd. 23
  • 24. Border Gateway Protocol (BGP) Attacks  Identify BGP Router  It has many problem same as TCP  SYN Flood  Sequence number prediction  DOS  Possible advertisement of bad routes 02/17/13 Mahindra British Telecom Ltd. 24
  • 25. References  Router Exploits www.antionline.com http://anticode.antionline.com/download.ph p?dcategory=router-exploits&sortby=  http://www.packetninja.net/.  http://www.phenoelit.de/irpas/  RIP Spoofing http://www.technotronic.com/horizon/ripa r.txt. 02/17/13 Mahindra British Telecom Ltd. 25
  • 26. Questions ? 02/17/13 Mahindra British Telecom Ltd. 26
  • 27. Thank you for you time ! 02/17/13 Mahindra British Telecom Ltd. 27