[ipv6hackers] Cisco HSRP hijacking

Jim Small jim.small at cdw.com
Sat Dec 1 21:35:16 CET 2012


Hello,

> About Cisco HSRP (Hot Standby Routing Protocol), one of the favorite attack
> vectors is that a malicious attacker could perform HSRP hijacking by claiming
> a higher priority and becoming the active router in the redundant router pair.
> It would happen in an IPv4 network, due to insecure authentication.

I'm assuming you mean if MD5 authentication isn't used? If not, then yes, you would be susceptible to spoofing attacks.

 
> For an IPv6 network, HSRPv2 would be in place. Would this HSRP hijacking
> technique work and be applicable in an IPv6 environment? Does anyone have a
> successful test case for this?

You should be able to use scapy to do the same attack for any FHRP (HSRP, VRRP, GLBP), whether it's v4 or v6, if the FHRP isn't using "secure" authentication. See:
http://packetlife.net/blog/2008/oct/27/hijacking-hsrp/
http://www.gotohack.org/2011/01/scapy-hsrp-md5-auth-dissecter-to.html

Of course, MD5 is not really secure.  Perhaps in the future the FHRPs will transition to SHA-256?

--Jim
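
A defensive counterpart to the spoofing discussed in this message, added here as an example and not part of the original post: it decodes the fixed HSRP version 0 header from RFC 2281 (the IPv4 case) and flags speakers that are not configured routers or that claim a higher priority than configured. The function names, finding labels, router addresses and sample packets are constructed for illustration; HSRPv2 uses a different encoding that is not parsed here.

```python
import struct

# RFC 2281 HSRP payload (UDP/1985): version, opcode, state, hellotime, holdtime,
# priority, group, reserved, 8-byte authentication data, virtual IPv4 address.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "hello", 1: "coup", 2: "resign"}

def parse_hsrp_v1(payload):
    """Decode the fixed 20-byte header; trailing bytes are ignored."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("short HSRP payload")
    ver, op, state, _hello, _hold, prio, group, _rsv, auth, vip = \
        HSRP_V1.unpack_from(payload)
    if ver != 0:
        raise ValueError("not an RFC 2281 (version 0) message")
    return {"opcode": OPCODES.get(op, "unknown"), "state": state,
            "priority": prio, "group": group,
            "auth": auth.rstrip(b"\x00"),
            "vip": ".".join(str(b) for b in vip)}

def check_hsrp(src_ip, payload, known_routers):
    """Return findings for one packet.

    known_routers maps each legitimate router's source IP to its
    configured priority (an assumption: taken from your own configs).
    """
    msg = parse_hsrp_v1(payload)
    findings = []
    if src_ip not in known_routers:
        findings.append("unknown-speaker")
        if (msg["opcode"] in ("hello", "coup")
                and msg["priority"] > max(known_routers.values())):
            findings.append("priority-takeover")
    elif msg["priority"] > known_routers[src_ip]:
        # A known source advertising more than its configured priority.
        findings.append("priority-above-configured")
    if msg["auth"] == b"cisco":
        # RFC 2281 default plaintext authentication data.
        findings.append("default-plaintext-auth")
    return findings

# Constructed sample data (documentation addresses, not captured traffic).
KNOWN = {"192.0.2.2": 110, "192.0.2.3": 100}
VIP = bytes([192, 0, 2, 1])
LEGIT = HSRP_V1.pack(0, 0, 16, 3, 10, 110, 1, 0, b"cisco", VIP)
ROGUE = HSRP_V1.pack(0, 1, 16, 3, 10, 255, 1, 0, b"cisco", VIP)

if __name__ == "__main__":
    print(check_hsrp("192.0.2.2", LEGIT, KNOWN))
    print(check_hsrp("192.0.2.66", ROGUE, KNOWN))
```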




