Routing Protocol Attack

Dynamic routing protocols, of which RIP, OSPF and BGP are the most widely deployed, have been increasingly abused by malicious users over the past few years. In the absence of strong authentication enforcement verifying that routing information comes from the true peer router, a malicious user may spoof or modify valid routing protocol messages and corrupt or change routing tables of a network. This might result in redirection of some or all network traffic, connectivity problems, excessive bandwidth consumption and potential denial of service of both the router and the routing protocol.

The ability of a network to properly forward traffic and recover from topology changes or faults is dependent on an accurate view of the topology. Running an Interior Gateway Protocol (IGP) can often provide this view. By default, IGPs are dynamic and discover additional routers that communicate with the particular IGP in use. IGPs also discover routes that can be used during a network link failure.

Failure to secure the exchange of routing information allows an attacker to introduce false routing information into the network. Using password authentication with routing protocols between routers adds a layer of protection. However, because this simple authentication is sent as cleartext, an attacker who can observe the traffic can read the password and subvert the control.

By adding MD5 hash capabilities to the authentication process, routing updates no longer contain cleartext passwords, and the entire contents of the routing update are more resistant to tampering. However, MD5 authentication is still susceptible to brute force and dictionary attacks if weak passwords are chosen, so use passwords with sufficient randomization. Because MD5 authentication is much more secure than cleartext password authentication, the mitigations below assume MD5 authentication. IPsec can also be used to validate and secure routing protocol exchanges.

Mitigations

Routing Protocol Authentication and Verification

Routing protocol authentication is the most important step in preventing unauthorized influence over routing tables, and it should use MD5 hashing rather than a cleartext password. Other measures that secure routing protocol operation include infrastructure ACLs, passive interfaces, route filters, limits on the number of routing prefixes, and other protocol-specific steps.
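The following Cisco IOS configuration is an added example of MD5 authentication for OSPF, RIPv2 and BGP, the three protocol families named above; it is not part of the original page. The interface names, the AS numbers, the 192.0.2.0/24 peer address and the key placeholder are constructed for illustration and must be replaced with site-specific values; the key string must be long and random, since a weak key is what makes the hash brute-forceable.

```cisco
! Added example (not from the original page): keyed-MD5 authentication
! for the interior and exterior routing protocols discussed above.
! All addresses, names and the key placeholder are constructed values.
!
! Keep the keys out of cleartext in the running configuration.
service password-encryption
!
! --- OSPF: MD5 on the link to the neighbouring router ---
interface GigabitEthernet0/1
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE_WITH_STRONG_RANDOM_KEY
!
router ospf 1
 ! Require message-digest authentication for every interface in area 0,
 ! so an interface that is missed above cannot form an unauthenticated adjacency.
 area 0 authentication message-digest
!
! --- RIPv2: key chain plus MD5 mode on the interface ---
key chain RIP-KEYS
 key 1
  key-string REPLACE_WITH_STRONG_RANDOM_KEY
!
interface GigabitEthernet0/2
 ip rip authentication mode md5
 ip rip authentication key-chain RIP-KEYS
!
! --- BGP: TCP MD5 signature (RFC 2385) on the peering session ---
router bgp 65000
 neighbor 192.0.2.2 remote-as 65010
 neighbor 192.0.2.2 password REPLACE_WITH_STRONG_RANDOM_KEY
```

After applying the configuration, `show ip ospf interface GigabitEthernet0/1` should report "Message digest authentication enabled", `show ip ospf neighbor` and `show ip bgp summary` should show the adjacencies coming back up, and a peer still sending unauthenticated updates will fail to form an adjacency, which is the intended behaviour and a useful check that the control is actually enforced.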

Passive Interface

Passive Interface is used to stop sending updates on interfaces that face end users or other networks that you do not want to send routing protocol updates to. Information leaks, or the introduction of false information into an IGP, can be mitigated through use of the passive-interface command that assists in controlling the advertisement of routing information. You are advised not to advertise any information to networks that are outside your administrative control.

Route Filtering

To reduce the possibility of false routing information being introduced into the network, use route filtering. Unlike the passive-interface router configuration command, route filtering does not stop the routing protocol from running on an interface; the protocol still exchanges updates, but the prefixes that are advertised or accepted are limited to those you permit.
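As an added example (not from the original page), the following Cisco IOS configuration combines the two controls just described: passive-interface on user-facing interfaces and a prefix-list based route filter on the remaining ones. The interface names, process numbers and prefixes are constructed; the 10.0.0.0/8 range stands in for whatever address space is actually under your administrative control.

```cisco
! Added example (not from the original page): passive interfaces and
! route filters for an IGP. Interface names and prefixes are constructed.
!
! Only the prefixes inside our own address space are legitimate IGP routes.
! Anything else learned from a peer is dropped before it reaches the RIB.
ip prefix-list INTERNAL-ROUTES seq 10 permit 10.0.0.0/8 le 24
ip prefix-list INTERNAL-ROUTES seq 999 deny 0.0.0.0/0 le 32
!
router ospf 1
 ! Make every interface passive by default, then re-enable only the
 ! router-to-router links. A newly added user-facing interface is
 ! therefore silent unless someone deliberately opens it.
 passive-interface default
 no passive-interface GigabitEthernet0/1
 ! Filter routes learned via OSPF before they are installed in the RIB.
 distribute-list prefix INTERNAL-ROUTES in
!
! Same approach for RIPv2, where filtering can also be applied outbound.
router rip
 version 2
 passive-interface default
 no passive-interface GigabitEthernet0/2
 distribute-list prefix INTERNAL-ROUTES in
 distribute-list prefix INTERNAL-ROUTES out
```

One caveat a practitioner should know: in a link-state protocol such as OSPF, an inbound distribute-list only filters what the local router installs in its routing table. The link-state database is still flooded unchanged to the other routers in the area, so a bogus LSA is not removed from the domain by this filter; for OSPF the filter limits the local impact while authentication and area design keep the false information out in the first place. `show ip route ospf` and `show ip rip database` are the places to confirm that only the expected prefixes are present.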

Routing Process Resource Consumption

Routing protocol prefixes are stored by a router in memory, and resource consumption increases with each additional prefix the router must hold. To prevent resource exhaustion, configure the routing protocol to cap its own resource use. For OSPF this is possible with the Link State Database Overload Protection feature, which limits the number of non-self-generated LSAs the process will accept.

BGP prefixes are stored by a router in memory. The more prefixes a router must hold, the more memory BGP consumes. In some configurations, only a subset of all Internet prefixes needs to be stored, such as when the router carries only a default route or the routes for a provider's customer networks.

To prevent memory exhaustion, configure the maximum number of prefixes that is accepted from each peer. A limit should be configured for every BGP peer.
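The following Cisco IOS configuration is an added example (not from the original page) of the two resource limits discussed in this section: OSPF Link State Database Overload Protection via `max-lsa`, and a per-peer BGP `maximum-prefix`. The numeric limits, AS numbers and the 192.0.2.2 peer address are constructed values; the right limit is a little above the prefix count you actually expect from that peer, not a round guess.

```cisco
! Added example (not from the original page): bounding the memory a
! routing process can be made to consume. Limits and peer are constructed.
!
router ospf 1
 ! Accept at most 12000 non-self-generated LSAs. Log a warning at 75% of
 ! the limit; when exceeded, ignore the neighbours for 5 minutes, up to
 ! 5 times, and reset the ignore count after 10 minutes of good behaviour.
 max-lsa 12000 75 ignore-time 5 ignore-count 5 reset-time 10
!
router bgp 65000
 neighbor 192.0.2.2 remote-as 65010
 ! Expect roughly 8000 prefixes from this customer. Warn at 80% and tear
 ! the session down above 10000, retrying automatically after 30 minutes
 ! so a transient leak does not need manual clearing at 3 a.m.
 neighbor 192.0.2.2 maximum-prefix 10000 80 restart 30
```

To verify, `show ip ospf database database-summary` gives the current LSA count to compare against the `max-lsa` value, and `show ip bgp neighbors 192.0.2.2 | include prefix` shows the configured maximum alongside the number of prefixes currently accepted. Both limits generate syslog messages when the threshold is crossed, so they should be forwarded to monitoring: a peer suddenly approaching its prefix limit is often the first visible sign of a route leak or a misconfigured redistribution.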