Earlier today Network World posted an article regarding a vulnerability that had been discovered in the OSPF (Open Shortest Path First) routing protocol.
The whole of Twitter, G+, Facebook, forums etc. seems to be running with this article and saying how bad it is for everyone.
The exploit being discussed is one where an attacker can inject falsified LSAs into the OSPF database and so potentially mount a MITM (man in the middle) or DoS (denial of service) attack on your network.
When I first read the article it made me think about other protocols that are vulnerable in this very same way.
A lot of networks out there use a first-hop redundancy protocol such as HSRP (for the Cisco world), VRRP or GLBP to provide hosts on a particular subnet the ability to still route via their default gateway in the event of a hardware or circuit (with additional config) failure.
The basis of the attack is that you start injecting HSRP hello packets into the network with a more preferable (in the case of HSRP, a higher) priority than the current active router. Once your machine has taken over as the HSRP active router it will then start receiving all outgoing traffic (or some of it, depending on the configuration of your network).
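A detection-side illustration of the HSRP takeover just described, added here as example code and not taken from the original post: it parses HSRPv1 hellos and flags the symptoms a defender would watch for (a hello from a router that is not part of the group, a priority above the known active router's, a claim of ACTIVE state from the wrong source, or the factory-default plaintext auth string). It assumes HSRPv1 with the plaintext authentication layout (the MD5 TLV extension is not parsed) and a hand-maintained baseline of which routers legitimately serve each group; the packet bytes are constructed, not captured.

```python
import struct
from collections import namedtuple
HSRP_V1_LEN = 20                     # fixed HSRPv1 header size (RFC 2281)
OP_HELLO, OP_COUP, OP_RESIGN = 0, 1, 2
STATE_ACTIVE = 16
DEFAULT_AUTH = b"cisco\x00\x00\x00"  # factory-default plaintext auth string

HsrpHello = namedtuple("HsrpHello", "opcode state priority group auth virtual_ip")

def parse_hsrp_v1(payload: bytes) -> HsrpHello:
    """Parse the UDP/1985 payload of an HSRPv1 packet (plaintext-auth layout)."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError("truncated HSRP payload")
    version, opcode, state, _hello, _hold, prio, group, _rsvd = struct.unpack("!8B", payload[:8])
    if version != 0:
        raise ValueError("not an HSRPv1 packet")
    vip = ".".join(str(b) for b in payload[16:20])
    return HsrpHello(opcode, state, prio, group, payload[8:16], vip)

def check_hello(src_ip: str, pkt: HsrpHello, expected: dict) -> list:
    """Compare one hello with the known state of its group; return alert strings.
    expected: {group: {"routers": {ip, ...}, "active": ip, "priority": int, "vip": str}}"""
    exp = expected.get(pkt.group)
    if exp is None:
        return [f"group {pkt.group}: hello from {src_ip} for an unconfigured group"]
    alerts = []
    if pkt.auth == DEFAULT_AUTH:
        alerts.append(f"group {pkt.group}: default plaintext auth string in use")
    if src_ip not in exp["routers"]:
        alerts.append(f"group {pkt.group}: hello from unexpected source {src_ip}")
    if pkt.virtual_ip != exp["vip"]:
        alerts.append(f"group {pkt.group}: virtual IP {pkt.virtual_ip} != {exp['vip']}")
    if pkt.opcode == OP_COUP or pkt.priority > exp["priority"]:
        alerts.append(f"group {pkt.group}: {src_ip} claims priority {pkt.priority} "
                      f"over active priority {exp['priority']} (possible takeover)")
    if pkt.state == STATE_ACTIVE and src_ip != exp["active"]:
        alerts.append(f"group {pkt.group}: {src_ip} claims ACTIVE state")
    return alerts

# Constructed sample payloads (not real captures): version 0, opcode, state,
# hellotime 3, holdtime 10, priority, group 1, reserved, 8-byte auth, virtual IP.
PKT_LEGIT = bytes([0, OP_HELLO, STATE_ACTIVE, 3, 10, 100, 1, 0]) + b"s3cr3t\x00\x00" + bytes([10, 0, 0, 1])
PKT_ROGUE = bytes([0, OP_HELLO, STATE_ACTIVE, 3, 10, 255, 1, 0]) + DEFAULT_AUTH + bytes([10, 0, 0, 1])
EXPECTED = {1: {"routers": {"10.0.0.2", "10.0.0.3"}, "active": "10.0.0.2",
                "priority": 100, "vip": "10.0.0.1"}}

if __name__ == "__main__":
    for src, raw in (("10.0.0.2", PKT_LEGIT), ("10.0.0.50", PKT_ROGUE)):
        for line in check_hello(src, parse_hsrp_v1(raw), EXPECTED) or ["ok"]:
            print(src, line)
```

Feeding it the second sample (priority 255 from an unknown host) produces four alerts, which is the pattern a SPAN-fed sensor would see during the takeover the post describes.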
My thoughts
Personally I'm not worried: all the networks that I work on have authentication enabled, which means that unless someone comes up with a way of reversing the MD5 hash in my routing/HSRP packets they aren't going to make a blind bit of difference.
Yes, there is the possibility that a compromised router on your network could cause issues by exposing your config and possibly your passwords, but at the same time, if the router was compromised then the attacker could already cause a lot of headaches with no exploits needed.