Rerouting Attacks

Sep 10,2009 by alperen


A router sends an ICMP redirect message to direct a host to use another router as its path to a particular destination because that router has a better route. The rules say a router will send redirects only to hosts on its own local subnets. No user host will ever send a redirect, and no redirect will travel more than one network hop. Unfortunately, attackers don’t play by the rules, and several attacks are based on forging these messages.

Figure 5-6 shows a situation where using the host default gateway wouldn’t reach the target destination in network 10.1.1.0. The following debug output shows Rtr1 sending a redirect to host 192.168.1.10 telling it to use router Rtr2 (192.168.1.200) as the gateway to reach the destination 10.1.1.10.

Rtr1#debug ip icmp
ICMP packet debugging is on
ICMP: redirect sent to 192.168.1.10 for dest 10.1.1.10, use gw 192.168.1.200
Rtr1#
Figure 5-6: Router Rtr1 redirects traffic to Rtr2

By default, Cisco routers send ICMP redirects. You can use the interface subcommand no ip redirects to disable ICMP redirects. Another solution is to use an ACL to filter out any incoming ICMP redirects. The following configuration contains an example of each:

Rtr1(config)#interface ethernet 0
Rtr1(config-if)#no ip redirects
Rtr1(config-if)#^Z
Rtr1#
Rtr1#conf t
Rtr1(config)#access-list 125 deny   icmp any any redirect
Rtr1(config)#access-list 125 permit ip any any
Rtr1(config)#interface serial 0
Rtr1(config-if)#ip access-group 125 in
Rtr1(config-if)#^Z
Rtr1#

This filtering prevents only redirect attacks by remote attackers, but does nothing against an attacker that has internal access to the same segment as a host that’s under attack.
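The rules stated at the top of the article (redirects come only from a router on the host's own subnet, never from a user host, and never cross more than one hop) are also a useful detection check on the host side, which matters because the ACL above only stops redirects arriving on the serial interface. The script below is an added example, not code from the original article: it parses a raw IPv4 + ICMP redirect packet and reports every rule the packet violates. The subnet 192.168.1.0/24 and the addresses of Rtr1 and Rtr2 come from the article; the set of known routers, the assumed initial TTL of 255 for router-originated ICMP, and the packets themselves are constructed for the example.

```python
import ipaddress
import struct
from typing import List

# Topology taken from the article: hosts and routers share 192.168.1.0/24.
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")
# Assumed: the routers a defender knows to be legitimate on this segment
# (Rtr1 at 192.168.1.1 is an assumption; Rtr2 at 192.168.1.200 is from the article).
KNOWN_ROUTERS = {ipaddress.ip_address("192.168.1.1"), ipaddress.ip_address("192.168.1.200")}
# Assumed: routers on this segment originate ICMP with TTL 255, so a lower TTL
# means the redirect has been forwarded across at least one router hop.
ROUTER_INITIAL_TTL = 255

ICMP_REDIRECT = 5  # ICMP type 5; code 1 = redirect for host (RFC 792)


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071). Over a valid message this returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_redirect(src: str, dst: str, gateway: str, orig_dst: str, ttl: int = 255) -> bytes:
    """Constructed IPv4 + ICMP host-redirect packet used as sample input for the checker."""
    # The redirect must carry the original datagram's IP header plus 8 bytes of its payload;
    # that datagram was sent by the redirected host (dst) towards orig_dst.
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                           ipaddress.ip_address(dst).packed, ipaddress.ip_address(orig_dst).packed)
    inner_payload = b"\x08\x00\x00\x00\x00\x01\x00\x01"  # first 8 bytes of an echo request
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, ipaddress.ip_address(gateway).packed)
    icmp += inner_ip + inner_payload
    icmp = icmp[:2] + struct.pack("!H", icmp_checksum(icmp)) + icmp[4:]  # fill in checksum
    outer_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                           ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return outer_ip + icmp


def check_redirect(packet: bytes) -> List[str]:
    """Apply the article's rules to one captured IPv4 packet; an empty list means it looks legitimate."""
    ihl = (packet[0] & 0x0F) * 4
    ttl, proto = packet[8], packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if proto != 1:
        raise ValueError("not an ICMP packet")
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        raise ValueError("not an ICMP redirect")

    findings: List[str] = []
    if icmp_checksum(icmp) != 0:
        findings.append("bad ICMP checksum")
    gateway = ipaddress.ip_address(icmp[4:8])
    # Rule: redirects come only from a router on the host's own subnet, never from a user host.
    if src not in LOCAL_SUBNET:
        findings.append(f"redirect from off-subnet source {src}")
    elif src not in KNOWN_ROUTERS:
        findings.append(f"redirect from non-router host {src}")
    # The new gateway must be directly reachable, i.e. on the same subnet as the host.
    if gateway not in LOCAL_SUBNET:
        findings.append(f"advertised gateway {gateway} is not on the local subnet")
    # Rule: a redirect never travels more than one hop (TTL heuristic, see assumption above).
    if ttl < ROUTER_INITIAL_TTL:
        findings.append(f"TTL {ttl} below {ROUTER_INITIAL_TTL}: redirect appears to have crossed a router hop")
    # Consistency: the embedded original datagram must have been sent by the redirected host.
    inner = icmp[8:]
    if len(inner) < 20 or ipaddress.ip_address(inner[12:16]) != dst:
        findings.append("embedded datagram source does not match the redirected host")
    return findings


if __name__ == "__main__":
    samples = {
        "Rtr1 -> host, use Rtr2": build_redirect("192.168.1.1", "192.168.1.10", "192.168.1.200", "10.1.1.10"),
        "same-segment rogue host": build_redirect("192.168.1.77", "192.168.1.10", "192.168.1.77", "10.1.1.10"),
        "remote forged redirect": build_redirect("203.0.113.5", "192.168.1.10", "203.0.113.1", "10.1.1.10", ttl=250),
    }
    for label, pkt in samples.items():
        print(label, "->", check_redirect(pkt) or "OK")
```

The first sample reproduces the legitimate redirect from the article's debug output and passes every check; the second shows the same-segment case the closing sentence warns about, which the serial-interface ACL cannot stop but a host-side check can still flag; the third is the remote case, where the off-subnet source, off-subnet gateway and decremented TTL all trip.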

