VID 13008
Severity 30
Port 520
Protocol RIP
Class Protocol
Detailed Description The routing table is retrieved from the target host's routing daemon.
RIP is commonly used as the routing protocol for small networks. Routing daemons periodically exchange RIP packets to send or receive routing information, and then update the routing table of the host they run on.
However, without request filtering, a routing daemon that receives a RIP request packet returns a RIP response packet containing its routing information. Outside access to your routing table reveals a significant amount of information about the internal structure of your network. A malicious attacker may also attempt to add false routing entries to your routing table or otherwise modify it.

* References:
http://www.iss.net/security_center/static/103.php
Recommendation Use RIP version 2 with its MD5 security mechanisms in place, or migrate to alternate routing protocols, such as OSPF with MD5 authentication.

-- OR --

Prevent RIP traffic from entering your network by blocking port 520 UDP at your border router.
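
The following Python is an added example, not part of the original advisory or of any scanner's code: it parses a captured UDP port 520 payload, lists the routes it exposes, and reports whether the sender uses RIP version 2 with keyed MD5 authentication as recommended above. The function name, result keys and both sample packets are constructed for illustration.

```python
import ipaddress
import struct

AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}  # RIPv2 authentication types
ENTRY = "!HH4s4s4sI"  # AFI, route tag / auth type, address, mask, next hop, metric

def audit_rip_packet(payload: bytes) -> dict:
    """Parse one RIP UDP payload: version, auth mode and the routes it exposes."""
    if len(payload) < 4:
        raise ValueError("too short for a RIP header")
    command, version = payload[0], payload[1]
    auth, routes = "none", []
    for off in range(4, len(payload) - 19, 20):      # 20-byte entries after the header
        afi, tag, addr, mask, _nhop, metric = struct.unpack_from(ENTRY, payload, off)
        if afi == 0xFFFF:                            # authentication entry, not a route
            if off == 4:                             # only the first entry names the scheme
                auth = AUTH_TYPES.get(tag, "unknown")
            continue
        dest = str(ipaddress.IPv4Address(addr))
        if version >= 2:                             # RIPv1 carries no subnet mask
            dest += "/%d" % bin(int.from_bytes(mask, "big")).count("1")
        routes.append((dest, metric))
    return {"command": {1: "request", 2: "response"}.get(command, "other"),
            "version": version, "auth": auth, "routes": routes,
            "meets_recommendation": version == 2 and auth == "keyed-md5"}

def _route(addr, mask, metric):
    """Build one constructed route entry (AFI 2 = IP) for the samples below."""
    packed = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ENTRY, 2, 0, packed(addr), packed(mask), bytes(4), metric)

# Constructed sample: unauthenticated RIPv1 response exposing two internal networks.
SAMPLE_V1 = (b"\x02\x01\x00\x00" + _route("10.1.0.0", "0.0.0.0", 1)
             + _route("10.2.0.0", "0.0.0.0", 2))

# Constructed sample: RIPv2 response with a keyed-MD5 header and a placeholder digest.
SAMPLE_V2_MD5 = (b"\x02\x02\x00\x00"
                 + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 16, 1)
                 + _route("192.168.10.0", "255.255.255.0", 1)
                 + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)))

if __name__ == "__main__":
    for name, pkt in (("v1", SAMPLE_V1), ("v2+md5", SAMPLE_V2_MD5)):
        print(name, audit_rip_packet(pkt))
```

A response that parses with `auth` of `none` or `simple-password` shows a daemon that will accept unauthenticated or weakly authenticated updates; the route list shows what an outside requester would learn.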
Related URL CVE-1999-0111 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)