Peer Hijack

The idea behind peer hijacking is to maliciously replace a legitimate peer router with one controlled by the attacker. This lets the attacker redirect user traffic and sniff all sensitive information, or simply drop routing traffic, which disrupts communications in the core network and can have a very negative effect on a corporate core network.

Vectors

An attacker can use different vectors to conduct this type of attack:

  • MAC or ARP spoofing: the attacker poisons the ARP cache of peer devices and redirects all traffic through himself, or just drops the traffic
  • Sniffing routing traffic and then modifying the routing updates
  • Taking control of a peer device because of very poor device security, such as the use of telnet or SNMP v1/v2c

This allows the attacker to attack other parts of the network.

Mitigations:

To mitigate this type of attack, it is good to enable different types of security on the devices, such as 802.1X, ARP inspection and port security, and to implement some type of IP or MAC access lists. Device hardening should also be a very important part of mitigation: securing remote access to devices will not allow an attacker to gain easy access to the router.
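One way to check a device configuration for the weak access methods and missing controls listed above. This is an added example, not part of the original page. The Cisco IOS-style syntax, the two sample configurations and the function names are assumptions made for illustration.

```python
import re

# Constructed configs in Cisco IOS-style syntax (an assumption; the page names no vendor).
WEAK = """snmp-server community public RO
interface GigabitEthernet0/1
 switchport mode access
line vty 0 4
 transport input telnet ssh
"""
HARDENED = """dot1x system-auth-control
ip arp inspection vlan 10
snmp-server group NETOPS v3 priv
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
line vty 0 4
 transport input ssh
"""

def stanzas(text):
    """Group a config into (top-level line, [indented child lines]) pairs."""
    out = []
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            out.append((line.strip(), []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def audit(text):
    """Return findings for the weak-access and missing-control items the page names."""
    findings, parsed = [], stanzas(text)
    for head, kids in parsed:
        if head.startswith("line vty"):
            if any(re.match(r"transport input\b.*\b(telnet|all)\b", k) for k in kids):
                findings.append(f"{head}: telnet permitted")
        elif head.startswith("snmp-server community"):
            findings.append("SNMP v1/v2c community string configured")
        elif head.startswith("interface") and "switchport mode access" in kids:
            if "switchport port-security" not in kids:
                findings.append(f"{head}: access port without port security")
    heads = [h for h, _ in parsed]
    if not any(h.startswith("ip arp inspection vlan") for h in heads):
        findings.append("ARP inspection not enabled on any VLAN")
    if "dot1x system-auth-control" not in heads:
        findings.append("802.1X not enabled globally")
    return findings
```

A vty stanza with no `transport input` line is not judged here, because the default differs between platforms and software versions.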