Attacks on routers.
Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist security, protection of information and personal data.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
#informationprotection #informationsecurity
When talking about security at the network level, it is necessary to talk about routers and routing algorithms. In the future, we will talk about using IPsec as a means of packet protection at the network level.
A router is a network layer device of the OSI reference model. This device uses one or more metrics to determine the optimal network traffic transmission path based on network layer information. The metrics are measured in the number of hops that a packet needs to make between different networks to reach the destination node. This definition implies that a router is primarily necessary to determine the further path of data sent to a large and complex network. The user of such a network sends his data to the network and specifies the address of his subscriber. The data travels through the network and at points with branching routes is sent to routers, which are installed at such points. The router chooses the further best path. Which way is better is determined by quantitative indicators called metrics. The best path is the path with the lowest metric. The metric can take into account several indicators, such as the length of the path, travel time, and so on.
There are several ways to implement routers. Routers come in upper, middle, and lower classes.
Top-class routers are high-performance devices that serve to connect enterprise networks. They support many protocols and interfaces. Routers of this type can have up to several dozen ports on local or global networks.
Mid-range routers are used to form smaller enterprise-scale network associations. The standard configuration of such devices includes two to three LAN ports and four to eight WAN ports. Such routers support the most common routing protocols and transport protocols.
Lower-class routing devices are designed for local unit networks; they connect small offices and branches to the enterprise network. Typical configuration: one LAN port (usually Ethernet) and two WAN ports designed for low-speed dedicated lines or dial-up connections.
It is worth noting that such routers are in great demand among administrators who need to expand their existing interconnections. Also, such devices are often used in home networks when it is necessary to organize Internet access for several machines.
Routers for basic networks and remote offices have different architectures because they have different functional and operational requirements. Routers used for basic networks must be extensible. Routing devices used for local unit networks, for which, as a rule, a fixed port configuration is set in advance, contain only one processor that controls the operation of three or four interfaces. They use approximately the same protocols as in basic network devices, but the software is more aimed at facilitating installation and operation, since most remote offices lack sufficiently qualified network service specialists.
Routers used in basic networks consist of the following main components: network adapters that depend on protocols and serve as interfaces with local and global networks; a control processor that determines the route and updates information about the topology; the main trunk. After the packet arrives at the interface module, it analyzes the destination address and accepts commands from the control processor to determine the output port. Then the packet is transmitted over the main backbone of the router to the interface module, which serves to communicate with the addressable segment of the local or global network.
A workstation or server with multiple network interfaces and equipped with special software can also act as a router. Top-class routers are usually specialized devices that combine multiple routing modules in a separate package.
By definition, the main purpose of routers is to route network traffic.
Let's define what the routing process looks like.
The routing process can be represented as two hierarchically related levels:
the routing level. The routing table is being worked on at this level. The routing table is used to determine the address (network layer) of the next router or the recipient directly at the available address (network layer), and after determining the transmission address, a specific physical output port of the router is selected. This process is called packet routing. The routing table is configured using routing protocols. The list of necessary services is determined at the same level.;
packet transmission level. Before transmitting a packet, it is necessary to: check the checksum of the packet header, determine the address (channel layer) of the packet recipient and send the packet directly, taking into account the order, fragmentation, filtering, etc. These actions are performed based on commands coming from the routing layer.
The data transmission route is determined programmatically. The corresponding software tools are called routing protocols. Their logic is based on routing algorithms. Routing algorithms calculate the cost of shipping and choose the path with the lowest cost. The simplest routing algorithms determine the route based on the smallest number of intermediate (transit) nodes on the way to the destination. More complex algorithms include several indicators in the concept of "cost", for example, packet transmission delay, bandwidth of communication channels, or the monetary cost of communication. The main result of the routing algorithm is the creation and maintenance of a routing table in which all route information is recorded. The content of the routing table depends on the routing protocol used. In general, the routing table contains the following information:
valid addresses of devices on the network;
routing protocol service information;
addresses of the nearest routers.
The main requirements for the routing algorithm are:
optimal route selection;
Ease of implementation;
stability;
fast convergence;
flexibility of implementation.
Optimal route selection is the main parameter of the algorithm, which requires no explanation.
Routing algorithms should be easy to implement and use as few resources as possible.
The algorithms must be resilient to equipment failures on the initially selected route, high loads, and errors in network construction.
Convergence is the process of agreeing information about the network topology between routers. If a certain event on the network causes some routes to become unavailable or new routes to appear, routers send messages about this to each other throughout the network. After receiving these messages, routers reassign optimal routes, which, in turn, can generate a new message stream. This process must be completed, and quickly enough, otherwise loops may appear in the network topology or the network may stop functioning altogether. Routing algorithms must quickly and correctly account for changes in network status (for example, a node or network segment failure).
So, we talked about what a router is, and also outlined the general requirements for routing algorithms. It is worth noting that in the event of a router failure in an organization, Internet access usually stops functioning. But that's not all. If the attackers somehow manage to change the information about the routes, network traffic may go in the wrong direction. This can allow attackers to carry out a number of application-level attacks, which we will discuss in detail in the following chapters of my book.
In the following posts, we will look at the main routing protocols and how to protect them.
