The role of routers in a network is so crucial that they are often the targets of network attacks. Network administrators must be aware that routers are at risk from attack just as much as end-user systems.
In general, routing systems can be attacked by disrupting the routing peers or by falsifying the information carried within the routing protocol. Falsified routing information may generally be used to cause systems to misinform (lie to) each other, cause a denial-of-service (DoS) attack, or cause traffic to follow a path it would not normally follow. The consequences of falsifying routing information are:
- Redirecting traffic to create routing loops
- Redirecting traffic so it can be monitored on an insecure link
- Redirecting traffic to discard it
Click the Play button in the animation to see an example of an attack that creates a routing loop. An attacker has been able to connect directly to the link between routers R1 and R2. The attacker injects false routing information destined to router R1 only, indicating that R3 is the preferred destination to the 192.168.10.10/32 host route. Although R1 has a routing table entry to the directly connected 192.168.10.0/24 network, it adds the injected route to its routing table because of the longer subnet mask. A route with a longer matching subnet mask is considered to be superior to a route with a shorter subnet mask. Consequently, when a router receives a packet, it selects the longer subnet mask, because it is a more precise route to the destination.
When PC3 sends a packet to PC1 (192.168.10.10/24), R1 does not forward the packet to the PC1 host. Instead, it routes the packet to router R3, because the apparent best path to 192.168.10.10/32 is through R3. When R3 gets the packet, it looks in its routing table and forwards the packet back to R1, which creates the loop.
To mitigate against routing protocol attacks, configure OSPF authentication.