This test checks that router redundancy protocols are not available at customer ports. If such protocols are available, a malicious customer can sniff the protocol traffic and then force other customers to point their default route at the malicious customer, thus launching a MITM attack.
Note: For this test, routers must be present in the network. The test cannot be performed against switches only.
Impact: MITM, DoS
- Malicious listens for 60 seconds for traffic on each of the above protocols.
- A packet from any router redundancy protocol is received by Malicious.
This test conforms to SEC Access Certification ID "SEC-V4-xxRP-1" and to SAVI RFC 6959 section 3.1.7.
- Malicious Customer: A customer interface performing malicious actions.
- ISP: A central node on a trusted port.
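
The listening step and fail criterion above, sketched as an added example (not part of the original test suite): it classifies frames captured on the customer port and fails if any router redundancy protocol is seen. The protocol set (VRRP, HSRP, GLBP), the function names and the sample frames are assumptions constructed for illustration, since the test's own protocol list is not shown here.

```python
import struct

# Assumed protocol set; the page's own list is not reproduced in this section.
IP_PROTO_VRRP = 112  # VRRP (RFC 5798); CARP shares this IP protocol number
UDP_PORTS = {1985: "HSRP", 3222: "GLBP"}  # matched on UDP destination port

def classify(frame: bytes):
    """Return the redundancy protocol carried in an Ethernet/IPv4 frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, off = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == 0x8100 and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, off = struct.unpack("!H", frame[16:18])[0], 18
    ip = frame[off:]
    if ethertype != 0x0800 or len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl:
        return None
    if ip[9] == IP_PROTO_VRRP:
        return "VRRP"
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    # Only the first fragment of a UDP datagram carries the port numbers.
    if ip[9] == 17 and frag_offset == 0 and len(ip) >= ihl + 8:
        return UDP_PORTS.get(struct.unpack("!H", ip[ihl + 2:ihl + 4])[0])
    return None

def run_test(frames):
    """FAIL if any frame captured on the customer port is a redundancy protocol."""
    seen = sorted({p for p in map(classify, frames) if p})
    return {"verdict": "FAIL" if seen else "PASS", "protocols": seen}

def build_frame(dst_ip, proto, payload, vlan=None):
    """Build a constructed sample frame (checksums left at zero, not validated)."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = bytes(6) + bytes(6) + tag + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1,
                     proto, 0, bytes([192, 0, 2, 1]), bytes(dst_ip))
    return eth + ip + payload

# Constructed samples standing in for a 60-second capture on the customer port.
VRRP = build_frame((224, 0, 0, 18), 112, bytes(8))
HSRP_TAGGED = build_frame((224, 0, 0, 2), 17,
                          struct.pack("!HHHH", 1985, 1985, 28, 0) + bytes(20), vlan=100)
DNS = build_frame((192, 0, 2, 53), 17, struct.pack("!HHHH", 40000, 53, 8, 0))

if __name__ == "__main__":
    print(run_test([DNS, HSRP_TAGGED, VRRP]))
```

A PASS here only covers IPv4 frames with at most one VLAN tag; IPv6 VRRP and other encapsulations would need their own branches.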