RIP protocol security.
Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist, protection of information and personal data.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
When discussing threats to a dynamic routing protocol, it is worth starting with the classic attacks: the various types of DDoS, and eavesdropping on and modifying traffic. RIP uses UDP at the transport layer, on port 520. Route information is exchanged every 30 seconds. Accordingly, any low-level attack on the communication channel between routers means that within a maximum of a minute the routers, having failed to exchange routing tables, will begin to report that nodes in other networks are unreachable. Since UDP does not establish connections, the packets sent will simply be "lost" in fully loaded communication channels.
Denial-of-service attacks are a common threat across various devices and applications. They are not specific to RIP. Accordingly, the methods of dealing with them are also standard: intrusion detection tools and traffic analysis, as well as the services for combating low-level DDoS offered by large Internet service providers.
DDoS attacks come in two types:
low-level attacks "flood" the TCP/IP protocol stack with transport-layer packets; an example is a SYN flood;
high-level attacks use multiple application-level requests to exhaust the target system's resources; an example is multiple GET requests to a web server.
Eavesdropping on and modifying traffic is another matter.
Here, the main threats typical of the RIP routing protocol are:
false routes;
downgrading the RIP protocol version;
cracking the MD5 hash.
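As an added example (not part of the original post), here is a small Python check that a monitoring host could run over captured UDP port 520 payloads. It flags updates from unexpected sources, a RIP version other than the one the network runs, and RIPv2 packets that carry no authentication or only a plaintext password. The neighbor address, the expected version and the function names are assumptions made for illustration, and the sample packets are constructed.

```python
import struct
from ipaddress import IPv4Address

TRUSTED_NEIGHBORS = {"192.0.2.1"}  # assumption: addresses of the legitimate RIP peers
EXPECTED_VERSION = 2               # assumption: the network runs RIPv2 only
AUTH_AFI = 0xFFFF                  # address family that marks an authentication entry
AUTH_TYPES = {2: "plaintext password", 3: "keyed MD5"}

def inspect_rip(src_ip, payload):
    """Return (alerts, routes) for one UDP/520 payload. Digests are not verified."""
    alerts, routes = [], []
    # 4-byte header followed by 20-byte entries
    if len(payload) < 4 or (len(payload) - 4) % 20:
        return ["malformed RIP packet"], routes
    command, version, _ = struct.unpack("!BBH", payload[:4])
    if src_ip not in TRUSTED_NEIGHBORS:
        alerts.append(f"RIP packet from unexpected source {src_ip}")
    if version != EXPECTED_VERSION:
        alerts.append(f"RIP version {version}, expected {EXPECTED_VERSION} (possible downgrade)")
    auth = None
    for off in range(4, len(payload), 20):
        afi, tag, addr, mask, _nhop, metric = struct.unpack("!HHIIII", payload[off:off + 20])
        if afi == AUTH_AFI:
            if off == 4:  # only the first entry states the authentication type
                auth = AUTH_TYPES.get(tag, f"unknown type {tag}")
            continue      # a trailing 0xFFFF entry holds the MD5 digest, not a route
        if command == 2:  # 2 = response, i.e. a routing update
            routes.append((str(IPv4Address(addr)), str(IPv4Address(mask)), metric))
    if version == 2 and auth != "keyed MD5":
        alerts.append(f"RIPv2 authentication: {auth or 'none'}")
    return alerts, routes

def sample(version, net, metric, auth_type=None):
    """Constructed sample: one response carrying one route and an optional auth entry."""
    pkt = struct.pack("!BBH", 2, version, 0)
    if auth_type is not None:
        pkt += struct.pack("!HH16s", AUTH_AFI, auth_type, b"")
    mask = 0xFFFFFF00 if version == 2 else 0  # RIPv1 entries carry no mask
    return pkt + struct.pack("!HHIIII", 2, 0, int(IPv4Address(net)), mask, 0, metric)

if __name__ == "__main__":
    cases = [("192.0.2.1", sample(2, "10.0.0.0", 1, 3)),  # expected peer, keyed MD5
             ("198.51.100.7", sample(1, "10.0.0.0", 1)),  # unknown source, RIPv1
             ("192.0.2.1", sample(2, "10.0.0.0", 1))]     # expected peer, no auth
    for src, pkt in cases:
        print(src, inspect_rip(src, pkt))
```

The check only reports the authentication type a packet declares; it does not verify the keyed MD5 digest, which requires the shared key.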
We will carry out some practical work on the implementation of these attacks.
But before we start considering attacks and ways to protect against them, let's define the tools that will be used for testing. Obviously, to exchange information about routes, you need to have your own router. Using a physical device for this in the age of virtualization is not the best solution, so we will use a virtual machine running Linux.
There are several possible solutions, such as Cisco software simulators or open source software.
The most famous Cisco software simulator is Dynamips, which allows you to deploy a software analog of a physical router running a real image of the Cisco IOS operating system. However, the IOS image is not free software. It is an in-house development by Cisco Systems, and it is impossible to obtain this image by legal means without purchasing the appropriate licenses. However, if you already have a Dynamips-supported router operating system image, then this simulator is the best solution for creating your own virtual router. There are also open source solutions like Quagga.
However, since all the settings listed in this section use the syntax of the Cisco IOS operating system, I would recommend using Dynamips to avoid compatibility issues.
In the next post, we will go directly to the description of the attacks mentioned earlier.




