RIP Poisoning Routing Table Modification (Adjacent Network)

medium Nessus Plugin ID 39587

Language:

Synopsis

Routing tables can be modified.

Description

It was possible to poison the remote host routing tables through the RIP protocol.

An attacker may use this to hijack network connections.

Several RIP agents reject routes that are not sent by a neighbor, so this flaw may not be exploitable from a non-adjacent network.

Solution

Either disable the RIP listener if it is not used, use RIP-2 in conjunction with authentication, or use another routing protocol.

Plugin Details

Severity: Medium

ID: 39587

File Name: rip_poison_lan.nasl

Version: Revision: 1.5

Type: remote

Family: Misc.

Published: 7/2/2009

Updated: 1/25/2013

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: Services/udp/rip

Detections

Analytics