Routing protocols


This task checks that routing protocols are not available on customer ports. If such protocols are available, a malicious customer can interfere with router signaling and use the routing protocols to launch MITM and DoS attacks.

Note

This task requires routers in the network. The test cannot be performed against switches only.

Tested protocols:

  • BGP

  • EIGRP

  • IGRP

  • IS-IS

  • OSPF

  • RIPv2

References

The test performed conforms to SAVI section 3.1.7.

Impact

MITM, DoS

Test procedure

Customer sends the multicast join messages used by the above routing protocols and then listens for 60 seconds for traffic from each protocol.

Fail criteria

  • A packet from any routing protocol is received at Customer.
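The listening step and the fail criterion can be sketched as a classifier over frames captured on the customer port. This is an added example, not the Test Agent's own code; the function names and the sample frames are constructed for illustration, and the protocol numbers and ports are the standard assignments rather than values taken from this page.

```python
import struct

IP_PROTO = {9: "IGRP", 88: "EIGRP", 89: "OSPF"}  # IANA IP protocol numbers

def classify(frame: bytes):
    """Return the routing protocol carried in one Ethernet frame, else None."""
    if len(frame) < 18:
        return None
    etype, off = struct.unpack("!H", frame[12:14])[0], 14
    if etype == 0x8100:  # skip a single 802.1Q VLAN tag
        etype, off = struct.unpack("!H", frame[16:18])[0], 18
    if etype <= 1500:  # 802.3 length field, so an LLC header follows
        # IS-IS: DSAP/SSAP 0xFE, control 0x03, then NLPID 0x83
        return "IS-IS" if frame[off:off + 4] == b"\xfe\xfe\x03\x83" else None
    if etype != 0x0800 or len(frame) < off + 20:
        return None
    ihl, proto = (frame[off] & 0x0F) * 4, frame[off + 9]
    if proto in IP_PROTO:
        return IP_PROTO[proto]
    fragment = struct.unpack("!H", frame[off + 6:off + 8])[0] & 0x1FFF
    l4 = frame[off + ihl:]
    if fragment or len(l4) < 4:  # ports exist only in the first fragment
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    if proto == 6 and 179 in (sport, dport):
        return "BGP"
    if proto == 17 and 520 in (sport, dport) and l4[9:10] == b"\x02":
        return "RIPv2"  # UDP header is 8 bytes; RIP version is payload byte 1
    return None

def verdict(frames):
    """Apply the fail criterion: any routing-protocol packet seen means FAIL."""
    seen = sorted({p for p in map(classify, frames) if p})
    return ("FAIL" if seen else "PASS"), seen

def ip_frame(proto, dst, payload):
    """Build a constructed Ethernet+IPv4 frame (fixed MACs, zero checksum)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1,
                     proto, 0, bytes([192, 0, 2, 1]), bytes(dst))
    return b"\x01\x00\x5e\x00\x00\x05" + b"\x02" * 6 + b"\x08\x00" + ip + payload

# Constructed sample capture (not from a real network): OSPF, RIPv2, mDNS, IS-IS.
SAMPLE = [
    ip_frame(89, [224, 0, 0, 5], b"\x02\x01" + bytes(22)),
    ip_frame(17, [224, 0, 0, 9], struct.pack("!HHHH", 520, 520, 12, 0) + b"\x02\x02\x00\x00"),
    ip_frame(17, [224, 0, 0, 251], struct.pack("!HHHH", 5353, 5353, 8, 0)),
    b"\x01\x80\xc2\x00\x00\x14" + b"\x02" * 6 + b"\x00\x1b\xfe\xfe\x03\x83" + bytes(23),
]
```

On the sample capture, verdict(SAMPLE) reports FAIL with IS-IS, OSPF and RIPv2 seen, while the mDNS frame alone yields PASS.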

Parameters

General

  • Customer: A Test Agent interface acting as a customer.

  • ISP: A Test Agent interface acting as a central node on a trusted port.