Information
Logging changes to the EIGRP peering relationships is recommended. This setting is enabled by default.
Rationale:
Any logged changes in a routing peer relationship will in the best case indicate a service issue due to standard operational issues (connectivity issues and so on) or in the worst case, could indicate malicious activity attempting to subvert the peering relationship and/or the routing table.
Impact:
Errors on adjacency relationships are a common early warning message in attacks on routers. If successful, a malicious actor can advertise bogus routes to valid hosts or networks, allowing the interception and modification of traffic intended for those hosts or subnets.
For this reason it is important that EIGRP endpoints alert on any interruptions in adjacency.
Solution
By default EIGRP adjacency changes are logged, and this does not show in the configuration.
If however it is disabled, it can be re-enabled as shown below.
switch(config)# router eigrp <eigrp process tag>
switch(config-router)# log-adjacency-changes
Default Value:
By default logging of eigrp adjacency changes is enabled.
Item Details
Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SC-23, CSCv7|11.2
Control ID: 56521f58940d47b9bbe7db1fe766c5dd80bb142b9ddd032122626be6fea773cd