Results 1 to 4 of 4

Thread: RIP Poisoning -- What's the 'worst case senario'?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    11

    Default RIP Poisoning -- What's the 'worst case senario'?

    I've got a client where an internal scan said one of their core routers has a RIP-2 Poisoning issue.

    This is the exact Nessus description:
    Tenable Network Security

    I understand that an attacker could create bogus routes, but what's the worst case scenario?
    Any traffic on the LAN isn't going to be routed anyway, so any LAN traffic should be effected by this right?
    You could do a man in the middle with WAN traffic, you could intercept emails. Anything else?


    .

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: RIP Poisoning -- What's the 'worst case senario'?

    1) Do some reading about RIP-2 and find out if the agent in question requires the authentication the Nessus plugin talks about.
    2) If traffic on the LAN isn't routed how is it going to get anywhere?
    3) If the system in question is a router then this is a big deal as you can re-route or alter traffic crossing the device. If the system in question is a single workstation then you'll only be able to affect traffic to/from said workstation.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Senior Member voidnecron's Avatar
    Join Date
    May 2010
    Posts
    132

    Default Re: RIP Poisoning -- What's the 'worst case senario'?

    I think what he means with LAN traffic not being routed is that it broadcasts its way around the LAN, not necessarily needing a router.
    "The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."

  4. #4
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    15

    Default Re: RIP Poisoning -- What's the 'worst case senario'?

    JMPEBX, be careful not to immediately assume that your internal network will not be affected by a routing protocol compromise too. Depending on your internal network topology and what devices are actually using a vulnerable routing protocol, you could summarize internal networks differently than how they're intended to be and actually route internal traffic to different destinations. It all depends on their internal network topology and what devices are actually using the routing protocol in question.

    A routing protocol compromise can result in a DoS and in a worst case scenario your entire network security could be compromised.

Similar Threads

  1. new senario of cracking wep i need help plz.
    By reslan_912 in forum Beginners Forum
    Replies: 0
    Last Post: 02-27-2010, 06:41 PM
  2. new senario of cracking wep i need help plz.
    By imported_reslan_912 in forum OLD Newbie Area
    Replies: 0
    Last Post: 02-27-2010, 04:44 PM
  3. Replies: 5
    Last Post: 08-27-2009, 04:30 AM
  4. Replies: 38
    Last Post: 12-24-2008, 09:18 AM
  5. upper case login?
    By hyeclass in forum OLD Newbie Area
    Replies: 0
    Last Post: 04-06-2008, 02:40 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •