Router Attacks – DNS Redirect
DNS Redirect Prevention
Another attack targets the Cisco Discovery Protocol (CDP), which is enabled by default on all Cisco devices. CDP contains information about the network device such as the software version, IP address, platform, capabilities, and the native VLAN (Popeskic, 2011). This information is also sent in complete clear text. When it is sniffed from traffic on the VLAN, an attacker can use it to find other exploits and orchestrate an attack such as a Denial of Service (DoS) attack. CDP is also unauthenticated, meaning an attacker can craft fraudulent CDP packets and have them received by the attacker’s directly connected Cisco device. If an attacker can get access to the router via SNMP or Telnet, the attacker can find the entire topology of a network at Layer 2 and Layer 3, including IOS levels, router and switch model types, and the IP addressing schema.
The way to prevent the CDP attack is simply to disable the default configuration that allows it on the router. Administrators need to focus not just on disabling CDP on a single interface, which allows the CDP table to stay populated, but on disabling it on the entire device. Redscan (2013) says, “CDP can be useful and, if it can be isolated by not allowing it on user ports, then it can help make the network run more smoothly.”
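As an added example (not code from the original article), the following audit checks a saved Cisco IOS running-config for the difference described above: CDP turned off for the whole device with `no cdp run` versus turned off only on individual interfaces with `no cdp enable`. The function name `audit_cdp` and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the article): CDP is left at
# its default (enabled) globally and disabled on only one interface.
SAMPLE_PARTIAL = """\
hostname edge-sw1
!
interface GigabitEthernet0/1
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
!
"""
SAMPLE_GLOBAL_OFF = "no cdp run\n" + SAMPLE_PARTIAL


def audit_cdp(config: str) -> dict:
    """Report the global CDP state and the interfaces still running CDP."""
    globally_disabled = False
    interfaces = {}  # interface name -> True if 'no cdp enable' is present
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # top-level (global) line ends any block
            current = None
            m = re.match(r"interface\s+(\S+)", line)
            if m:
                current = m.group(1)
                interfaces[current] = False
            elif line == "no cdp run":
                globally_disabled = True
        elif current and line.strip() == "no cdp enable":
            interfaces[current] = True
    # CDP is on by default, so an interface without 'no cdp enable' still sends it.
    exposed = [] if globally_disabled else [n for n, off in interfaces.items() if not off]
    return {"globally_disabled": globally_disabled, "cdp_active_on": exposed}


if __name__ == "__main__":
    print(audit_cdp(SAMPLE_PARTIAL))
    print(audit_cdp(SAMPLE_GLOBAL_OFF))
```

Where CDP must stay on for uplinks, as the Redscan quote allows, the `cdp_active_on` list is what to compare against the set of user-facing ports.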
Figure 1. Warning message displayed on HTTP website from infected router.
Popeskic, V. (2011, December 16). CDP attacks – Cisco Discovery Protocol attack. Retrieved from https://howdoesinternetwork.com/2011/cdp-attack
Redscan. (2013, December 19). Ten top threats to VLAN security. Retrieved from https://www.redscan.com/news/ten-top-threats-to-vlan-security/
TrendLabs Security. (2010, August 10). Protecting your router against possible DNS rebinding attacks. TrendLabs Security Intelligence Blog. Retrieved from http://blog.trendmicro.com/trendlabs-security-intelligence/protecting-your-router-against-possibl-dns-rebinding-attacks/
TrendLabs Security. (2015, May 20). New router attack displays fake warning messages. TrendLabs Security Intelligence Blog. Retrieved from http://blog.trendmicro.com/trendlabs-security-intelligence/new-router-attack-displays-fake-warning-messages/