Check or Attack Name: rip

The machine is vulnerable to false routing table information. RIP is a commonly used method for a local network to share routing information.

An attacker can inject false routing packets into the routing table on the host, forcing packets to be sent to the attackerÆs machine for reading or modification. By sending forged RIP packets, an attacker can change the routing for a network connection, allowing sniffing, spoofing, hijacking, and dropping packets on the connection not originally going through a network. Vulnerable machines run non-authenticated RIP.

RIP is commonly used by the routed service. If you are using a simple gateway, you may be able to set a default route and not need to use routed. In cases where it is necessary to maintain a routing service on your network, the newer RIP-2 or OSPF routing protocols include a simple password scheme that will prevent machines outside of the network from being able to modify your routing tables. Contact your vendor for information on how to upgrade your routing protocol.

Villanova University School of Law, Martin F. Noonan <mnoonan@www.vcilp.org>, An Analysis of the Security Risks Involved in Transmitting Credit Card Numbers Over the Internet; Security Issues Involved With RIP, http://www.law.vill.edu/chron/articles/iprtsec.html#secrip