AT&T and BellSouth Passing Out Routers that enable DDoS Attacks

One of the more interesting TCP/IP vulnerabilities is its inability to guarantee where a packet is coming from. RIP, the Routing Information Protocol, is an essential component of a TCP/IP network: it is used to distribute routing information within networks, such as shortest paths, and to advertise routes out from the local network (Chambers, Dolske, & Iyer, n.d.). The flaw in RIP is that, much like TCP/IP, it doesn't have built-in authentication. This attack is significant because RIP attacks change where the data may go, unlike common attacks that change where data has come from. When an attacker is able to compromise RIP addresses and send them from anywhere in the world, this poses a huge security flaw. Attackers can forge RIP packets claiming that they are another host and that they have the fastest route or path out of the network.

This is troubling because there is a higher-level DDoS attack, called a reflection amplification attack, that uses the RIPv1 protocol. Mimoso (2015) says, “Reflection attacks happen when an attacker forges its victim’s IP addresses in order to establish the victim’s systems as the source of requests sent to a massive number of machines.” Because the attacker is in control of the RIP, it can send many requests on behalf of a network. The recipients of the requests issue an overwhelming flood of responses back to the victim’s network, thus crashing that network (Mimoso, 2015).

I chose this vulnerability because it’s very current in the landscape of DDoS attacks, and Threatpost by Kaspersky Labs suggests that this is only going to grow in the coming years. The easiest way to stop this is to use routers with RIPv2 and above. Unfortunately, a large number of the routers that have been compromised using this deprecated technology come from AT&T and BellSouth, and they are regularly distributed in the United States.
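To check which RIP version a device is actually speaking and whether its messages carry authentication, the sketch below parses a RIP payload and lists what a defender should review. It is an added example, not code from the original post: the field layout follows RFC 1058 and RFC 2453, the function and constant names are hypothetical, and the sample payloads are constructed.

```python
import struct

AUTH_AFI = 0xFFFF  # RIPv2: an entry with this address family carries authentication
COMMANDS = {1: "request", 2: "response"}
ENTRY = struct.Struct("!HH4s4s4sI")  # AFI, route tag, address, mask, next hop, metric

def classify_rip(payload: bytes) -> dict:
    """Parse a RIP payload (UDP port 520) and flag what a defender should review."""
    if len(payload) < 4 or (len(payload) - 4) % ENTRY.size:
        raise ValueError("not a well-formed RIP message")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    entries = [ENTRY.unpack_from(payload, off)
               for off in range(4, len(payload), ENTRY.size)]
    authenticated = version == 2 and bool(entries) and entries[0][0] == AUTH_AFI
    # One entry with AFI 0 and metric 16 is a request for the entire routing table.
    full_table = (command == 1 and len(entries) == 1
                  and entries[0][0] == 0 and entries[0][5] == 16)
    findings = []
    if version == 1:
        findings.append("RIPv1: no authentication field exists")
    elif not authenticated:
        findings.append("RIPv2 sent without an authentication entry")
    if full_table:
        findings.append("full-table request: reply is larger than the request")
    return {"command": COMMANDS.get(command, "unknown"), "version": version,
            "entries": sum(1 for e in entries if e[0] != AUTH_AFI),
            "authenticated": authenticated, "findings": findings}

def _route(afi: int, addr: bytes, metric: int) -> bytes:
    """Build one 20-byte route entry with zeroed tag, mask and next hop."""
    return ENTRY.pack(afi, 0, addr, bytes(4), bytes(4), metric)

# Constructed sample payloads (built here, not captured traffic).
V1_REQUEST = struct.pack("!BBH", 1, 1, 0) + _route(0, bytes(4), 16)
V1_RESPONSE = (struct.pack("!BBH", 2, 1, 0)
               + _route(2, bytes([10, 0, 0, 0]), 1)
               + _route(2, bytes([192, 168, 1, 0]), 2))
V2_AUTH_RESPONSE = (struct.pack("!BBH", 2, 2, 0)
                    + struct.pack("!HH16s", AUTH_AFI, 2, b"example-secret")  # type 2
                    + _route(2, bytes([10, 0, 0, 0]), 1))

if __name__ == "__main__":
    for name in ("V1_REQUEST", "V1_RESPONSE", "V2_AUTH_RESPONSE"):
        print(name, classify_rip(globals()[name]))
```

Any RIPv1 finding on an Internet-facing interface is the case the post describes; a RIPv2 message without an authentication entry is no better protected against forged routes.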

References

Chambers, C., Dolske, J., & Iyer, J. (n.d.). TCP/IP security – Department of Computer and Information Science. Retrieved from http://www.linuxsecurity.com/resource_files/documentation/tcpip-security.html

Mimoso, M. (2015, July 1). RIPv1 reflection amplification DDoS attacks | Threatpost | The first stop for security news. Retrieved from https://threatpost.com/attackers-revive-deprecated-ripv1-routing-protocol-in-ddos-attacks/113582/