BlackHat 2009 Router Exploitation Presentation

Written By Harris Andrea

I was reading an interesting presentation the other day, from the BlackHat USA 2009 Briefings by Felix Lindner, and thought I would share the main points here. He presents a reasonable analysis of the current situation regarding router security and exploitation. As we all know, routers are of course exploitable, but not as easily as some “security gurus” want us to believe.

Some of the main points of the presentation are shown below:

  • There is not much research from the general security community into router vulnerabilities. In 2008 there were only 14 vulnerabilities reported for Cisco, and some OpenSSL and memory leak issues for Juniper.
  • Routers expose little functionality to remote attackers.
  • Attackers prefer to focus on servers rather than the network infrastructure.
  • Although router vendors have started to implement more and more services on routers (such as VoIP, IPv6, SIP, H.323, Lawful Intercept, SSL VPN, Web Service Routing etc.), fortunately network engineers are slow in adopting all those new services. This means fewer vulnerabilities.
  • Routers are rarely used as clients, so client-side attacks are very rare.
  • Router operating systems based on UNIX flavors are easier to exploit.
  • Cisco IOS has a monolithic architecture: it runs as a single large binary program directly on the CPU. IOS is harder to exploit.

The presentation then continues with some useful recommendations for protecting Routers as described below:

Router Protection:

  • Block traffic destined to any interface of the router itself. The only exception is traffic from management stations.
  • Use MD5 on routing protocols.
  • Avoid running network services on your routers (such as HTTP, FTP, TFTP etc.).
  • Avoid running VoIP services on border or exposed routers.
  • Monitor the router’s service modules independently.
  • Use a configuration monitoring tool to observe any changes in the IOS configuration. An excellent tool for this is RANCID (Really Awesome New Cisco confIg Differ) from http://www.shrubbery.net/rancid/
  • Configure Core Dumping


About Harris Andrea

Harris Andrea is an Engineer with more than two decades of professional experience in the fields of TCP/IP Networks, Information Security and I.T. Over the years he has acquired several professional certifications such as CCNA, CCNP, CEH, ECSA etc.

He is a self-published author of two books ("Cisco ASA Firewall Fundamentals" and "Cisco VPN Configuration Guide") which are available at Amazon and on this website as well.
