Threats to and Attacks on Routers

Examples of threats to routers:

• Unauthorized access

• Session hijacking

• Masquerading

• Eavesdropping

• Information theft

Examples of attack techniques:

• Password guessing

• Routing protocol attacks

• IP fragmentation attacks for DoS

• Ping of death attacks

• Session replay attacks

Some general threats to routers include (but are not limited to) unauthorized access, session hijacking, rerouting, masquerading, DoS, eavesdropping, and information theft.

Unauthorized access may be gained through any of the following:

■ Session hijacking may occur if an attacker can insert falsified IP packets after session establishment via IP spoofing, sequence number prediction and alteration, or other methods.

■ Rerouting attacks can include manipulating router updates to cause traffic to flow to unauthorized destinations.

■ Masquerade attacks occur when an attacker manipulates IP packets to falsify IP addresses. Masquerades can be used to gain unauthorized access or to inject bogus data into a network.

Here are examples of attack techniques:

■ Password guessing can be used as an attempt to access the router management port.

■ Routing protocol attacks, such as Routing Information Protocol (RIP) attacks, in which an attacker forges RIP routing updates sent to a router to cause the router to forward packets toward the attacker.

■ Simple Network Management Protocol (SNMP) attacks are possible because of the numerous vulnerabilities that have been reported in the SNMP implementations of multiple vendors. These vulnerabilities may allow unauthorized privileged access and DoS attacks or cause unstable behavior.

■ IP fragmentation attacks can be used to bypass the router traffic filtering. Traditionally, packet filters are only applied to the non-fragments and the initial fragment of an IP packet because they contain both Layer 3 and Layer 4 information that the packet filters can match to a "permit" or "deny" action. Non-initial fragments are traditionally allowed through the packet filters because these fragmented packets do not contain Layer 4 information.

© 2006 Cisco Systems, Inc. Securing the Perimeter 2-5

■ Ping of death attacks involve the creation of an Internet Control Message Protocol (ICMP) echo-request packet that is larger than the maximum packet size of 65,535 bytes. The attacker hopes that the receiving router will crash while attempting to reassemble the packet.
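The filter behaviour described under IP fragmentation above, and the reassembly-size condition behind the ping of death, as an added Python example that is not part of the Cisco course material. The packet builder, the two filter functions, the permitted-port set and the sample packets are all constructed for this example (none of it is an IOS feature). It shows a filter that inspects only non-fragments and initial fragments passing a non-initial fragment it cannot classify, a stricter policy that simply drops non-initial fragments, and a check that rejects any fragment whose offset plus length would push the reassembled datagram past 65,535 bytes.

```python
"""Stateless packet-filter behaviour on IPv4 fragments, plus a reassembly bound check."""
import struct

IP_PROTO_ICMP = 1
IP_PROTO_TCP = 6
MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram can have
IPV4_FMT = "!BBHHHBBH4s4s"  # minimal 20-byte IPv4 header, no options


def build_ipv4(proto, payload, ident=1, more_fragments=False, frag_offset=0):
    """Build a constructed IPv4 packet; frag_offset is in bytes (multiple of 8)."""
    assert frag_offset % 8 == 0, "fragment offsets are stored in 8-byte units"
    flags_frag = ((1 if more_fragments else 0) << 13) | (frag_offset // 8)
    header = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + len(payload), ident,
                         flags_frag, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return header + payload


def parse_ipv4(pkt):
    """Return the fields a filter needs: protocol, MF flag, byte offset, payload."""
    ver_ihl, _, total_len, ident, flags_frag, _, proto, _, _, _ = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"proto": proto, "ident": ident, "mf": bool(flags_frag & 0x2000),
            "offset": (flags_frag & 0x1FFF) * 8, "payload": pkt[ihl:total_len]}


def classify(info):
    """'nonfragment', 'initial' (offset 0, MF set) or 'noninitial' (offset > 0)."""
    if info["offset"] > 0:
        return "noninitial"
    return "initial" if info["mf"] else "nonfragment"


def tcp_dst_port(info):
    """The Layer 4 port is only present when the TCP header travels in this piece."""
    if info["proto"] == IP_PROTO_TCP and info["offset"] == 0 and len(info["payload"]) >= 4:
        return struct.unpack("!HH", info["payload"][:4])[1]
    return None


def traditional_filter(pkt, permitted_ports):
    """Match L3/L4 on non-fragments and initial fragments; let non-initial ones through.

    This is the behaviour the text describes: a non-initial fragment carries no
    Layer 4 header, so there is nothing to match and the filter passes it.
    """
    info = parse_ipv4(pkt)
    if classify(info) == "noninitial":
        return "permit"
    return "permit" if tcp_dst_port(info) in permitted_ports else "deny"


def strict_filter(pkt, permitted_ports):
    """Same match logic, but deny anything the filter cannot inspect."""
    info = parse_ipv4(pkt)
    if classify(info) == "noninitial":
        return "deny"
    return "permit" if tcp_dst_port(info) in permitted_ports else "deny"


def exceeds_reassembly_limit(pkt):
    """True when offset + header + this fragment's data would exceed 65,535 bytes.

    That is the ping-of-death condition: no valid datagram can be that large, so
    a receiver should discard the fragment rather than buffer it for reassembly.
    """
    info = parse_ipv4(pkt)
    return info["offset"] + 20 + len(info["payload"]) > MAX_IP_DATAGRAM


# Constructed sample traffic (not captured packets): HTTP to a permitted port, a
# Telnet packet split in two fragments, and an ICMP fragment whose offset puts
# the reassembled datagram well past the 65,535-byte limit.
PERMITTED = {80}
TCP_HTTP = build_ipv4(IP_PROTO_TCP, struct.pack("!HH", 40000, 80) + b"\x00" * 16)
TELNET_FIRST = build_ipv4(IP_PROTO_TCP, struct.pack("!HH", 40001, 23) + b"\x00" * 12,
                          ident=7, more_fragments=True)
TELNET_REST = build_ipv4(IP_PROTO_TCP, b"\x00" * 16, ident=7, frag_offset=16)
OVERSIZED_TAIL = build_ipv4(IP_PROTO_ICMP, b"\x00" * 100, ident=9, frag_offset=65528)


def demo():
    """Decisions for each sample packet under both filters, plus the size check."""
    rows = {}
    for name, pkt in [("TCP_HTTP", TCP_HTTP), ("TELNET_FIRST", TELNET_FIRST),
                      ("TELNET_REST", TELNET_REST), ("OVERSIZED_TAIL", OVERSIZED_TAIL)]:
        rows[name] = (traditional_filter(pkt, PERMITTED), strict_filter(pkt, PERMITTED),
                      exceeds_reassembly_limit(pkt))
    return rows


if __name__ == "__main__":
    for name, (trad, strict, oversized) in demo().items():
        print(f"{name:15} traditional={trad:6} strict={strict:6} oversized={oversized}")
```

Running it shows the Telnet initial fragment denied but its second fragment permitted by the traditional filter, which is exactly the bypass the text describes; the strict filter denies that second fragment, and the oversized ICMP tail is flagged before any reassembly buffer is touched. Cisco IOS extended ACLs express the stricter policy with the `fragments` keyword on an entry; the Python here only models the decision.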

■ Distributed denial of service (DDoS) attacks use a number of compromised sites to flood a target site with sufficient traffic or service requests to render it useless to legitimate users.

■ Session replay attacks use a sequence of packets or application commands that can be recorded, possibly manipulated, and then replayed to cause an unauthorized action or to gain access.

Properly securing a router against these types of attacks is required to protect the network infrastructure.

2-6 Securing Cisco Network Devices (SND) v2.0 © 2006 Cisco Systems, Inc.

Router Security Principles

This topic explains the three principles of router security.


Think about router security in terms of its physical security, the features and performance of the router operating system, the protection of the router configurations, and the elimination of potential abuse of unused ports and services through router hardening. Some specific points to consider about these principles are as follows:

■ To provide physical security for a router, take these actions:

— Place the router in a locked room that is accessible only to authorized personnel, is free of electrostatic or magnetic interference, and has controls for temperature and humidity.

— Install an uninterruptible power supply and keep spare components available. This reduces the possibility of a DoS attack from power loss to the building.

— Configure the router with the maximum amount of memory possible. Availability of memory can help protect against some DoS attacks, while supporting the widest range of security services.

— Store physical devices used to connect to the router in a secure place.

■ The security features in an operating system evolve over time; however, the latest version of an operating system may not be the most stable version available. To get the best security performance from your operating system, use the latest stable release that meets the feature requirements of your network. Also, keep a secure copy of the router operating system image and router configuration file as a backup.

■ A router is similar to many computers in that it has many services enabled by default. Many of these services are unnecessary and may be used by an attacker for information gathering or for exploitation. You should harden your router configuration by disabling unnecessary services.
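One way to act on the hardening principle above is to audit a saved running configuration for services that should have been disabled. The following is an added Python example, not Cisco tooling, and the configuration excerpt it checks is constructed for the demonstration. The service names and their IOS command lines are real, but the `enabled_by_default` flags are an assumption to be verified against the documentation for the platform and release in use: defaults vary, and a default-on service leaves no trace in a running config while it is enabled, so the audit has to treat the absence of its "no ..." form as "still on".

```python
"""Audit an IOS-style running configuration for services that hardening disables."""
import re

# (name, regex for the enabling line, regex for the explicit disable, enabled_by_default)
# enabled_by_default is an assumption for this demo; confirm it per platform/release.
SERVICE_CHECKS = [
    ("HTTP management server", r"^ip http server$", r"^no ip http server$", False),
    ("TCP small servers", r"^service tcp-small-servers$", r"^no service tcp-small-servers$", False),
    ("UDP small servers", r"^service udp-small-servers$", r"^no service udp-small-servers$", False),
    ("finger", r"^(ip finger|service finger)$", r"^no (ip finger|service finger)$", False),
    ("BOOTP server", r"^ip bootp server$", r"^no ip bootp server$", True),
    ("CDP", r"^cdp run$", r"^no cdp run$", True),
    ("IP source routing", r"^ip source-route$", r"^no ip source-route$", True),
]

# Community strings that are well known and should never survive a hardening pass.
WEAK_SNMP_COMMUNITIES = {"public", "private"}


def normalize(config_text):
    """Drop blank lines and '!' comment lines; keep the rest with indentation intact."""
    kept = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        kept.append(line)
    return kept


def audit_services(config_text):
    """Return (service, reason) findings for services that are still enabled."""
    lines = [line.strip() for line in normalize(config_text)]
    findings = []
    for name, enable_re, disable_re, default_on in SERVICE_CHECKS:
        explicitly_on = any(re.match(enable_re, line) for line in lines)
        explicitly_off = any(re.match(disable_re, line) for line in lines)
        if explicitly_on:
            findings.append((name, "enabled explicitly in the configuration"))
        elif default_on and not explicitly_off:
            # Nothing in the config mentions it, so the platform default applies.
            findings.append((name, "enabled by default and not disabled"))
    return findings


def audit_snmp(config_text):
    """Flag SNMP community strings that are well-known defaults or grant write access."""
    findings = []
    for line in normalize(config_text):
        m = re.match(r"^snmp-server community (\S+)(?:\s+(RO|RW))?", line.strip(), re.IGNORECASE)
        if not m:
            continue
        community, mode = m.group(1), (m.group(2) or "RO").upper()
        if community.lower() in WEAK_SNMP_COMMUNITIES:
            findings.append(("SNMP", f"well-known community string '{community}'"))
        if mode == "RW":
            findings.append(("SNMP", f"read-write community '{community}'"))
    return findings


def audit(config_text):
    """Combined findings for a configuration."""
    return audit_services(config_text) + audit_snmp(config_text)


# Constructed running-config excerpt for the demonstration (not a real device).
SAMPLE_CONFIG = """\
! constructed running-config excerpt
hostname edge-router
service tcp-small-servers
no ip bootp server
ip http server
snmp-server community public RO
snmp-server community netops RW
no cdp run
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

if __name__ == "__main__":
    for service, reason in audit(SAMPLE_CONFIG):
        print(f"{service}: {reason}")
```

On the sample, the audit reports the HTTP server and TCP small servers as explicitly enabled, IP source routing as enabled by default with no `no ip source-route` line, and two SNMP findings (the well-known `public` string and a read-write community). BOOTP and CDP are not reported because the config disables them explicitly.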




  • romolo monaldo
    How router configurations that protect against threats?
    2 months ago
