[ipv6hackers] CIsco HSRP hijacking

Tan Kean Siong tankeansiong at gmail.com
Sun Dec 2 09:46:03 CET 2012

Hi Jim,

On 2 December 2012 04:35, Jim Small <jim.small at cdw.com> wrote:

> I'm assuming you mean if md5 authentication isn't used?  If not, then yes
> you would be susceptible to spoofing attacks.
Yes. MD5 authentication is not enabled.

> > For IPv6 network, HSRPv2 would be in placed. Would this HSRP hijacking
> > technique works and applicable for IPv6 environment? Do anyone have a
> > success test case for this?
> You should be able to use scapy to do the same attack for any FHRP (HSRP,
> VRRP, GLBP) whether its v4 or v6 if the FHRP isn't using "secure"
> authentication.  See:
> http://packetlife.net/blog/2008/oct/27/hijacking-hsrp/
> http://www.gotohack.org/2011/01/scapy-hsrp-md5-auth-dissecter-to.html
I actually refer to these same sites as references ; )  I understand about
the background mechanism how the hijacking process could work and HSRPv2
packet dissector class is not exists in Scapy v2.2.0-dev. I tried to make a
Proof of Concept with Raw() packet replay with higher Priority value, yet
no luck.

I am curios if you or anyone around have created such a success test case
before? I know theoretically it should happen. Thanks!

Tan Kean Siong

More information about the Ipv6hackers mailing list