RIP Spoofing contents.gifindex.gif

RIP Spoofing

By sending out forged RIP packets, an intruder can change the routing for a network connection, allowing sniffing, spoofing, hijacking, and dropping packets on the connection not originally going through a network. Vulnerable machines are ones running non-authenticated RIP.

RIP is a commonly used method for a local network to share routing information. An intruder can inject false routing packets into the routing table on the host, forcing packets to be sent to the intruder's machine for reading or modification. RIP is commonly used by the routed service. The scanner tries to add an entry to the routers target routing table.

Risk: Medium/High

Fix: If you are using a simple gateway, you may be able to set a default route and not need to use such a service. In cases where it is necessary to maintain a routing service on your network, the newer RIP-2 or OSPF routing protocols includes a simple password scheme that will prevent machines outside of the network from being able to modify your routing tables. Contact your vendor for information on how to upgrade your routing protocol.