O'Reilly logo

Hardening Cisco Routers by Thomas Akin

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 9. Secure Routing and Antispoofing

This chapter covers both antispoofing and securing the routing protocol your routers use to exchange information. Antispoofing filters prevent external users from sending forged packets that act as if they come from your internal network. Many security controls use a packet’s source IP address to allow or deny access. By sending spoofed packets that look as if they originated on your internal network, attackers can manipulate or bypass these security controls.

Your routers use routing protocols to exchange information. This information is used to determine what direction a router will send a packet once it is received. A functional network requires correct routing information, so, minimally, an attacker can cause a denial-of-service (DoS) attack by inserting false routing information into your routers. A far more damaging attack can involve having all of your network traffic relayed through another system, possibly one controlled by the attacker or one that allows him to bypass your firewall and intrusion detection systems. Protecting how routers exchange routing information is necessary to prevent such dangers.

Antispoofing

Antispoofing filters are usually implemented to protect the networks behind routers, but they are equally important in protecting the routers themselves. These filters keep people from attempting to spoof connections to your routers. They also prevent numerous attacks that, while not directed at the router, must pass ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required