
RIP Spoofing
By sending out forged RIP packets, an intruder can change the routing for a
network connection, allowing sniffing, spoofing, hijacking, and dropping of packets
on a connection that did not originally go through a network. Vulnerable machines
are ones running non-authenticated RIP.
RIP is a commonly used method for a local network to share routing
information. An intruder can inject false routing packets into the routing table on the
host, forcing packets to be sent to the intruder's machine for reading or
modification. RIP is commonly used by the routed service. The scanner tries to add an
entry to the router
Risk: Medium/High
Fix: If you are using a simple gateway, you may be able to set a default route and
not need to use such a service. In cases where it is necessary to maintain a
routing service on your network, the newer RIP-2 or OSPF routing protocols
include a simple password scheme that will prevent machines outside of the network
from being able to modify your routing tables. Contact your vendor for
information on how to upgrade your routing protocol.
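
To check whether the fix above is actually in effect, captured RIP payloads can be audited for updates that carry no authentication entry. The following is an added example, not part of the original advisory or any scanner's code; the function name audit_rip_payload and the sample payloads are hypothetical and constructed, and the packet layout follows RFC 2453.

```python
import struct

RIP_RESPONSE = 2          # command value for a routing update (RFC 2453)
AFI_AUTH = 0xFFFF         # address family that marks an authentication entry
AUTH_SIMPLE_PASSWORD = 2  # RIP-2 simple password authentication type

def audit_rip_payload(payload: bytes) -> dict:
    """Classify one RIP UDP payload for an audit report."""
    if len(payload) < 24 or (len(payload) - 4) % 20 != 0:
        return {"valid": False, "finding": False}
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    auth_type, routes = None, []
    for index, offset in enumerate(range(4, len(payload), 20)):
        entry = payload[offset:offset + 20]
        afi, tag = struct.unpack("!HH", entry[:4])
        if afi == AFI_AUTH:
            # The authentication entry only counts as the first RIP-2 entry.
            if index == 0 and version == 2:
                auth_type = tag
            continue
        addr, _mask, _next_hop, metric = struct.unpack("!4s4s4sI", entry[4:])
        routes.append((".".join(map(str, addr)), metric))
    return {
        "valid": True, "version": version, "routes": routes,
        "authenticated": auth_type is not None, "auth_type": auth_type,
        # A routing update with no authentication entry is what a host
        # running non-authenticated RIP accepts from any sender.
        "finding": command == RIP_RESPONSE and auth_type is None,
    }

def _entry(afi: int, tag: int, body: bytes) -> bytes:
    return struct.pack("!HH16s", afi, tag, body)

def _route(addr: bytes, metric: int) -> bytes:
    return _entry(2, 0, addr + bytes(8) + struct.pack("!I", metric))

# Constructed sample payloads (documentation addresses, made-up password).
HEADER_V1 = struct.pack("!BBH", RIP_RESPONSE, 1, 0)
HEADER_V2 = struct.pack("!BBH", RIP_RESPONSE, 2, 0)
SAMPLE_PLAIN = HEADER_V1 + _route(bytes([192, 0, 2, 0]), 1)
SAMPLE_AUTH = (HEADER_V2 + _entry(AFI_AUTH, AUTH_SIMPLE_PASSWORD, b"constructed-pass")
               + _route(bytes([198, 51, 100, 0]), 2))

if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PLAIN), ("auth", SAMPLE_AUTH)):
        print(name, audit_rip_payload(sample))
```

Authentication type 2 is the simple password scheme; RFC 2453 carries that password in cleartext inside the packet, so the audit confirms only that the entry is present.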