NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2002-06

From: Felix Lindner (felix.lindnernruns.com)
Date: Sat Jun 08 2002 - 04:21:40 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sharad Ahlawat wrote:
> an excerpt form RFC 2281 - Cisco HSRP
>
> 7. Security Considerations
[SNIP]
> It is difficult to subvert the protocol from outside the
> LAN as most routers will not forward packets addressed to the
> all-routers multicast address (224.0.0.2).

This does not prevent remote attacks because Cisco devices do not
validate the destination address of a HSRP packet. Unicast packets are
accepted, which can be tested using the hrsp tool at
http://www.phenoelit.de/irpas/

Regards
/F

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]