The primary threat against router discovery is that a malicious node masquerades as a router. The attacker responds to RS messages from nodes on the link requesting router discovery with bogus RA messages, giving its own link layer address and link local
IPv6 address as a router address. The attacker can also multicast periodic bogus RA messages, thereby spoong nodes that are listening for the RA beacon on the link. The attacker can also cause nodes that have selected a legitimate router as the default to drop the legitimate router by multicasting RA beacons for the legitimate router with a lifetime of zero, thereby causing the victim node to select the attacker as the default router. Once a node has accepted the attacker as a default router, the attacker can manipulate the victim's trafc at its leisure. Packets can be inspected, service can be denied, etc.
Another attack involves compromising a legitimate last hop router, either by shutting the router down or by taking control of it. If the last hop router is killed, nodes on the link attempt to another router after a short delay. The attacker can advertise itself as a router. If a trusted router is taken over by an attacker, the attacker can then examine trafc, exactly the same as if the attacker had convinced the nodes on the link to accept it as a legitimate router in the place. These attacks are hard to protect against in system and protocol design.
Another attack involves compromising a legitimate last hop router, either by shutting the router down or by taking control of it. If the last hop router is killed, nodes on the link attempt to another router after a short delay. The attacker can advertise itself as a router. If a trusted router is taken over by an attacker, the attacker can then examine trafc, exactly the same as if the attacker had convinced the nodes on the link to accept it as a legitimate router in the place. These attacks are hard to protect against in system and protocol design.
Another more subtle attack involves advertising false parameters in RAs, like the wrong subnet prex or an indication that the link requires DHCP when it really does not. A victim node that uses the false parameters for local IP subnet con?guration would then be unable to obtain IP routing service, or, in the case of DHCP, a bogus DHCP server could hand out the address of a man-in-the-middle attacker or otherwise redirect trafc. This attack is similar to the bogus router attack, but does not require the attacker to actually advertise itself as a router in order to disrupt trafc.
access point vs router
Niciun comentariu:
Trimiteți un comentariu