UNCLASSIFIED
Background and Review
Version 1.0g
2.6. Quick Review of Attacks on Routers
General threats include but are not limited to: unauthorized access, session hijacking,
rerouting, masquerading, denial of service (DoS), eavesdropping, and information
theft. In addition to threats to a router from the network, dial-up access to a router
exposes it to further threats.
Attack techniques include: password guessing, routing protocol attacks, SNMP
attacks, RIP attacks, IP fragmentation attacks to bypass filtering, redirect (address)
attacks, and circular redirect for denial of service.
Session replay attacks use a sequence of packets or application commands that can be
recorded, possibly manipulated, and then replayed to cause an unauthorized action or
gain access.
Rerouting attacks can include manipulating router updates to cause traffic to flow to
unauthorized destinations.
Masquerade attacks occur when an attacker manipulates IP packets to falsify IP
addresses.
Session hijacking may occur if an attacker can insert falsified IP packets after
session establishment via IP spoofing, sequence number prediction and alteration, or
other methods.
Note that careful router configuration can help prevent a (compromised) site from
being used as part of a distributed denial of service (DDoS) attack. DDoS attacks use
a number of compromised sites to flood the target site with sufficient traffic to render
it useless to legitimate users.
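The masquerade and DDoS paragraphs above both turn on falsified source addresses. As an added example (not part of the original guide), this Python model shows source-address filtering at a site border, one router-side control of that kind; the site prefixes, function names and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed site prefixes (documentation ranges); assumptions for this example.
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]

# Sources that should never arrive from the outside network.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def border_decision(direction, src):
    """Return (action, reason) for a packet crossing the site border.

    direction: "out" = leaving the site, "in" = arriving from outside.
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("drop", "unparseable source")
    if addr.version != 4:
        return ("drop", "example covers IPv4 only")
    internal = _in_any(addr, SITE_PREFIXES)
    if direction == "out":
        # Egress: only the site's own addresses are valid sources, so hosts
        # inside the site cannot emit packets with falsified sources.
        if internal:
            return ("permit", "site source")
        return ("drop", "egress: source outside site prefixes")
    if direction == "in":
        # Ingress: an outside packet claiming an inside source is a masquerade.
        if internal:
            return ("drop", "ingress: outside packet claims site source")
        if _in_any(addr, BOGON_SOURCES):
            return ("drop", "ingress: reserved or private source")
        return ("permit", "plausible external source")
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample packets: (direction, source address).
SAMPLES = [("out", "192.0.2.17"), ("out", "203.0.113.9"),
           ("in", "192.0.2.17"), ("in", "10.1.2.3"), ("in", "203.0.113.9")]

if __name__ == "__main__":
    for direction, src in SAMPLES:
        print(direction, src, *border_decision(direction, src))
```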
An enumeration of steps to take to improve router security, and an explanation of the
tradeoffs involved, are the substance of later sections of this document.