
Routing protocol security

Here are some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate risk.

This article from InformIT lists some of the most common attacks directed at routing infrastructures and the steps you can take to mitigate the risk of an attack.

Routing security has received varying levels of attention over the past several years and has recently begun to attract more attention, specifically around Border Gateway Protocol (BGP) on the public Internet. Despite this new attention, however, the area most open to attack is often not the Internet's BGP tables but the routing systems within your own enterprise network. Because routing protocol traffic can frequently be sniffed, an enterprise routing infrastructure can easily be attacked with man-in-the-middle and other attacks designed to corrupt or change the routing tables, with the following results:

  • Traffic redirection—In this attack, the adversary is able to redirect traffic, enabling the attacker to modify traffic in transit or simply sniff packets.
  • Traffic sent to a routing black hole—Here the attacker is able to send specific routes to null0, effectively kicking IP addresses off of the network.
  • Router denial-of-service (DoS)—Attacking the routing process can result in a crash of the router or a severe degradation of service.
  • Routing protocol DoS—Similar to the attack previously described against a whole router, a routing protocol attack could be launched to stop the routing process from functioning properly.
  • Unauthorized route prefix origination—This attack aims to introduce a new prefix into the route table that shouldn't be there. The attacker might do this to get a covert attack network to be routable throughout the victim network.


There are four primary attack methods for these attacks:

  • Configuration modification of existing routers
  • Introduction of a rogue router that participates in routing with legitimate routers
  • Spoofing a valid routing protocol message or modifying a valid message in transit
  • Sending of malformed or excess packets to a routing protocol process

These four attack methods can be mitigated in the following ways:

  • To counter configuration modification of existing routers, you must secure the routers. This includes not only the configuration of the router but also the supporting systems it makes use of, such as TFTP servers.
  • Anyone can attempt to introduce a rogue router, but to cause damage, the attacker needs the other routing devices to believe the information that is sent. This can most easily be blocked by adding message authentication to your routing protocol. Additionally, the routing protocol message types can be blocked by ACLs from networks with no need to originate them.
  • Message authentication can also help prevent the spoofing or modification of a valid routing protocol message. In addition, the transport layer protocol (such as TCP for BGP) can further complicate message spoofing because of the difficulty in guessing pseudo-random initial sequence numbers (assuming a remote attacker).
  • Excess packets can be stopped through the use of traditional DoS mitigation techniques. Malformed packets, however, are nearly impossible to stop without the participation of the router vendor. Only through exhaustive testing and years of field use do routing protocol implementations correctly deal with most malformed messages. This is an area of computer security that needs increased attention, not just in routing protocols but in all network applications.

As you can see, stopping all these attacks is not a matter of flipping on the secure option in your routing protocols. You must decide for your own network what threats need to be stopped. In addition to the specific threats mentioned here, it is also very useful to follow the network design best practices of not running routing protocols on interfaces with no reason to route and of using distribution lists to limit the routing prefixes that are sent or received by a specific routing instance. Details on distribution lists can be found in your favorite Internet routing book.
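The two mitigations that carry the most weight above, message authentication and a distribution list, can be modelled end to end. The following receiver is an added example and not code from the InformIT article or any real routing protocol: the message format, the shared key and the per-neighbour sequence check are assumptions for illustration, but the outcomes (a rogue router without the key, a message modified in transit, a replayed message, and a prefix outside the allowed range are all refused) are exactly what the text describes.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed values for the example: a placeholder key and a small
# "distribute list" of prefixes this router is willing to install.
SHARED_KEY = b"constructed-example-key-do-not-reuse"
ALLOWED_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]


def sign_update(router_id, seq, prefixes, key=SHARED_KEY):
    """Build a routing update carrying an HMAC over its contents.

    The hypothetical JSON body stands in for a real protocol's wire format;
    the keyed digest is the 'message authentication' the article recommends.
    """
    body = json.dumps({"router": router_id, "seq": seq, "prefixes": prefixes},
                      sort_keys=True)
    mac = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "mac": mac}


class Receiver:
    """A routing process that validates updates before touching its table."""

    def __init__(self, key=SHARED_KEY, allowed=ALLOWED_PREFIXES):
        self.key = key
        self.allowed = allowed
        self.last_seq = {}   # highest sequence number seen per neighbour
        self.rib = set()     # prefixes accepted into the routing table

    def process(self, msg):
        """Return a status string; only authenticated, fresh, in-policy prefixes are installed."""
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["mac"]):
            # Covers both a rogue router without the key and a message
            # modified in transit: either way the digest no longer matches.
            return "rejected: bad authentication (spoofed or modified)"
        body = json.loads(msg["body"])
        if body["seq"] <= self.last_seq.get(body["router"], -1):
            return "rejected: replayed sequence number"
        self.last_seq[body["router"]] = body["seq"]
        installed = 0
        for prefix in body["prefixes"]:
            net = ipaddress.ip_network(prefix)
            # The distribute list: drop prefixes we have no reason to learn.
            if any(net.subnet_of(allowed) for allowed in self.allowed):
                self.rib.add(prefix)
                installed += 1
        return "accepted: installed %d of %d prefixes" % (installed, len(body["prefixes"]))
```

Feeding the receiver a valid update, the same update again, a forged one signed with the wrong key, and a tampered copy shows that only the first changes the table, and only for the in-policy prefix.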

This tip originally appeared on our sister site. Read more of this article, which discusses other aspects of network security, at InformIT.

This was last published in February 2005
