---

---

UNCLASSIFIED Background and Review Version 1.0g  UNCLASSIFIED 27   2.6.  Quick “Review” of Attacks on Routers General threats include but are not limited to: unauthorized access, session hijacking, rerouting, masquerading, denial of service (DoS), eavesdropping, and information theft. In addition to threats to a router from the network, dial up access to a router exposes it to further threats. Attack techniques include: password guessing, routing protocol attacks, SNMP attacks, RIP attacks, IP fragmentation attacks – to bypass filtering, redirect (address) attacks, and circular redirect – for denial of service. Session replay attacks use a sequence of packets or application commands that can be recorded, possibly manipulated, and then replayed to cause an unauthorized action or gain access. Rerouting attacks can include manipulating router updates to cause traffic to flow to unauthorized destinations. Masquerade attacks occur when an attacker manipulates IP packets to falsify IP addresses. Session Hijacking may occur if an attacker can insert falsified IP packets after session establishment via IP spoofing, sequence number prediction and alteration, or other methods. Note that careful router configuration can help prevent a (compromised) site from being used as part of a distributed denial of service (DDoS) attack. DDoS attacks use a number of compromised sites to flood the target site with sufficient traffic to render it useless to legitimate users. An enumeration of steps to take to improve router security, and an explanation of the tradeoffs involved is the substance of later sections of this document.