[ipv6hackers] Cisco HSRP hijacking

Tan Kean Siong tankeansiong at gmail.com
Sun Dec 2 09:46:03 CET 2012


Hi Jim,


On 2 December 2012 04:35, Jim Small <jim.small at cdw.com> wrote:

>
> I'm assuming you mean if md5 authentication isn't used?  If not, then yes
> you would be susceptible to spoofing attacks.
>
>
Yes. MD5 authentication is not enabled.


>
> > For an IPv6 network, HSRPv2 would be in place. Would this HSRP hijacking
> > technique work and be applicable in an IPv6 environment? Does anyone have a
> > successful test case for this?
>
> You should be able to use scapy to do the same attack for any FHRP (HSRP,
> VRRP, GLBP) whether it's v4 or v6 if the FHRP isn't using "secure"
> authentication.  See:
> http://packetlife.net/blog/2008/oct/27/hijacking-hsrp/
> http://www.gotohack.org/2011/01/scapy-hsrp-md5-auth-dissecter-to.html
>
>
I actually refer to these same sites as references ; )  I understand the
background mechanism of how the hijacking process could work, and an HSRPv2
packet dissector class does not exist in Scapy v2.2.0-dev. I tried to make a
proof of concept with Raw() packet replay with a higher Priority value, yet
no luck.

I am curious whether you or anyone around has created such a successful test
case before. I know theoretically it should happen. Thanks!


Regards,
Tan Kean Siong
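
The condition discussed in this thread (HSRP groups running without MD5 authentication) can be checked from the router side. The following is an added example, not part of the original post: a small audit of IOS-style `standby` configuration lines that reports every HSRP group lacking `authentication md5`. The sample configuration is constructed, and the function names `audit_hsrp` and `weak_groups` are hypothetical.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 standby version 2
 standby 1 ipv6 autoconfig
 standby 1 priority 110
 standby 1 preempt
!
interface GigabitEthernet0/1
 standby version 2
 standby 2 ipv6 autoconfig
 standby 2 authentication md5 key-string EXAMPLE-KEY
!
interface GigabitEthernet0/2
 standby ip 192.0.2.1
 standby authentication text EXAMPLE
"""

# "standby [group] keyword [arguments]"; the group number is optional (default 0).
STANDBY = re.compile(r"^\s+standby\s+(?:(\d+)\s+)?(\S+)(?:\s+(.*))?$")
# Keywords that configure a group; interface-wide ones such as "version" are skipped.
GROUP_KEYWORDS = {"ip", "ipv6", "priority", "preempt", "authentication",
                  "timers", "track", "name", "follow", "mac-address"}

def audit_hsrp(config):
    """Map (interface, group) to 'md5', 'text' or 'none'."""
    groups, iface = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line starts a new section; only interfaces matter here.
            iface = line.split(None, 1)[1].strip() if line.startswith("interface ") else None
            continue
        m = STANDBY.match(line)
        if not (iface and m) or m.group(2) not in GROUP_KEYWORDS:
            continue
        key = (iface, int(m.group(1) or 0))
        groups.setdefault(key, "none")
        if m.group(2) == "authentication":
            # Anything other than "md5 ..." is a plaintext string sent in every hello.
            groups[key] = "md5" if (m.group(3) or "").split()[:1] == ["md5"] else "text"
    return groups

def weak_groups(config):
    """Sorted (interface, group, auth) for groups without MD5 authentication."""
    return sorted((i, g, a) for (i, g), a in audit_hsrp(config).items() if a != "md5")

if __name__ == "__main__":
    for iface, group, auth in weak_groups(SAMPLE_CONFIG):
        print(f"{iface} group {group}: authentication={auth}")
```

Plaintext authentication is reported alongside missing authentication because the string travels in clear text in each hello and does not prevent spoofing.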


