Router redundancy protocol listening

This test checks that router redundancy protocols are unavailable at customer ports. If such protocols are available, a malicious customer can sniff the protocols and then force other customers to point their default traffic route to the malicious customer, thus launching a MITM attack.

Note: For this test, routers must be present in the network. The test cannot be performed against switches only.

Tested protocols:

  • VRRP/CARP
  • GLBP
  • HSRP

Impact: MITM, DoS

Test process

  • Malicious listens for 60 seconds for traffic from each of the above protocols.

Fail criteria

  • A packet from any router redundancy protocol is received by Malicious.
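The fail criterion above amounts to a passive classifier over frames seen on the customer port. The following is an added example, not part of this test suite: it recognises VRRP/CARP (IP protocol 112 to 224.0.0.18), HSRP (UDP 1985 to 224.0.0.2 or 224.0.0.102) and GLBP (UDP 3222 to 224.0.0.102) in raw Ethernet/IPv4 frames and reports PASS or FAIL; the sample frames are constructed inline, with zero checksums, in place of a 60-second capture.

```python
import socket
import struct

VRRP_CARP_PROTO = 112   # VRRP and CARP share IP protocol 112 and group 224.0.0.18
HSRP_PORT = 1985        # HSRPv1 -> 224.0.0.2, HSRPv2 -> 224.0.0.102
GLBP_PORT = 3222        # GLBP   -> 224.0.0.102

def classify_frame(frame: bytes):
    """Name the router redundancy protocol carried by a raw Ethernet frame,
    or return None if the frame is not VRRP/CARP, HSRP or GLBP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    dst = socket.inet_ntoa(frame[30:34])
    if proto == VRRP_CARP_PROTO and dst == "224.0.0.18":
        return "VRRP/CARP"
    if proto == 17:                                       # UDP
        udp_hdr = frame[14 + ihl:14 + ihl + 8]
        if len(udp_hdr) < 8:
            return None
        _, dport = struct.unpack("!HH", udp_hdr[:4])
        if dport == HSRP_PORT and dst in ("224.0.0.2", "224.0.0.102"):
            return "HSRP"
        if dport == GLBP_PORT and dst == "224.0.0.102":
            return "GLBP"
    return None

def evaluate(frames):
    """Apply the fail criterion: any redundancy-protocol packet seen on the
    customer port fails the test. Returns (verdict, sorted protocol names)."""
    seen = sorted({p for p in map(classify_frame, frames) if p})
    return ("FAIL" if seen else "PASS", seen)

def build_frame(proto: int, dst: str, payload: bytes) -> bytes:
    """Constructed sample: minimal Ethernet/IPv4 frame, checksums left zero."""
    eth = b"\x01\x00\x5e\x00\x00\x12" + b"\x02" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255,
                     proto, 0, socket.inet_aton("192.0.2.1"), socket.inet_aton(dst))
    return eth + ip + payload

def udp(dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", 49152, dport, 8 + len(data), 0) + data

SAMPLE_FRAMES = [  # constructed frames standing in for a capture on a customer port
    build_frame(112, "224.0.0.18", b"\x21\x01\x64\x01\x00\x01"),        # VRRPv2 advert
    build_frame(17, "224.0.0.2", udp(1985, b"\x00\x00\x10\x03")),       # HSRPv1 hello
    build_frame(17, "224.0.0.102", udp(3222, b"\x01\x00\x00\x01")),     # GLBP hello
    build_frame(17, "224.0.0.251", udp(5353, b"\x00\x00")),             # mDNS, ignored
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_FRAMES))   # a real run would feed 60 s of captured frames
```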

References

This test conforms to SEC Access Certification ID "SEC-V4-xxRP-1" and to SAVI RFC 6959 section 3.1.7.

Parameters

General

  • Malicious Customer: A customer interface performing malicious actions.
  • ISP: A central node on a trusted port.