At 07:43 PM 13-08-02 -0400, batz wrote:
>On Mon, 12 Aug 2002 [EMAIL PROTECTED] wrote:
>
>:Of the problems folks have run into, are they more often the result of a
>:legitimate speaker being compromised & playing with advertisements
>:somehow (and getting through filters that may or may not be present), or
>:from devices actually spoofing their way into the IGP/EGP? Are there
>:any specific attacks anyone is aware of & can share?
>
>My first pointer would be to the Phrack article Things to do in
>Ciscoland when you are Dead. While this is not routing protocol
>specific, it's more about fun that can be had with tunneling
>traffic from a compromised network.

Better yet:
http://www.phenoelit.de/vippr/index.html
http://www.phenoelit.de/irpas/index.html

Also note that keepalives and routing updates are process switched (for
Ciscos). Think about it.

>The short term solution would be routers that denied all layer-3
>traffic destined to it by default, (passing it to elsewhere) and
>only accepted traffic from specifically configured peers. (Type
>Enforcement(tm) on interfaces anyone?)

Don't forget layer-2 as well (from Networkers 2002):
http://www.cisco.com/networkers/nw02/post/presentations/general_abstracts.html#mitigation
http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf

-Hank

>
>
>Routers should be shipped in a state that is functionally inert to
>packets on layer 3.
>
>Alas..
>
>--
>batz
