Routing is one of the most important parts of the infrastructure that keeps a network running. Attacks against routers can compromise the router itself, its peering sessions, or its routing information. Routing protocols are used by routers to discover routes and build routing tables. Having a basic knowledge of routing protocols will help security analysts to discover potential attacks and take evasive measures to prevent them.
The basic objective of routing protocols is to exchange network reachability information between routers and to adapt dynamically to network changes. These protocols use routing algorithms to determine the optimal path between different segments in the network, and update routing tables with the best paths.
It is best practice to use one IP routing protocol throughout the enterprise, if possible. Oftentimes, one may encounter network infrastructures where several routing protocols coexist. One common example of when multiple protocols are used is when the organization needs to connect to two or more ISPs for Internet connectivity. In this scenario, the most commonly used protocol to exchange routes with the service provider is BGP, while within the organization, OSPF or EIGRP are typically used.
Several different possibilities exist when choosing the optimal routing protocol for your organization. There is no one optimal choice, so it is important that you understand the benefits and drawbacks of each protocol. The different protocols can be grouped in several ways. One option is to group them based on whether protocols operate within or between ASs.
An AS represents a collection of network devices under a common administrator. Typical examples of an AS are an internal network of an enterprise or a network infrastructure of an ISP.
- Interior gateway protocols: IGPs are used within the organization, and exchange routes within an AS. They can support small, medium-sized, and large organizations, but their scalability has its limits. The protocols can offer very fast convergence, and basic functionality is simple to configure. The most commonly used IGPs in enterprises are EIGRP and OSPF. RIP is also used, but rarely. IS-IS is commonly found within the service provider internal network.
- Exterior gateway protocols: EGPs take care of exchanging routes between different ASs. BGP is the only EGP that is used today. The main function of BGP is to exchange a huge number of routes between different ASs that are part of the Internet.
- Distance vector protocols: The distance vector routing approach determines the direction (vector) and distance (such as link cost or number of hops) to any link in the network. Distance vector protocols use routers as signposts along the path to the final destination. The only information that a router knows about a remote network is the distance or metric to reach this network and which path or interface to use to get there. Distance vector routing protocols do not have an actual map of the network topology. While at first the distance vector protocols supported only the periodic exchange of routing information, the two most commonly used distance vector protocols, EIGRP and RIPv2, use triggered updates to react to topology changes.
- Link-state protocols: The link-state approach, which uses the SPF algorithm, creates an abstract of the exact topology of the entire network, or at least of the partition in which the router is situated. Using an analogy of signposts, a link-state routing protocol is like having a complete map of the network topology. The signposts along the way from the source to the destination are not necessary because all link-state routers use an identical "map" of the network. A link-state router uses the link-state information to create a topology map and to select the best path to all destination networks in the topology. The OSPF and IS-IS protocols are examples of link-state protocols.
- Path vector protocols: The path vector routing approach exchanges not only information about the existence of destination networks but also the path on how to reach the destination. Path information is used to determine the best paths and to prevent routing loops. Using an analogy of signposts, routers are not only equipped with the direction of the destination network but also with the exact path to the destination. The only widely used path vector protocol is BGP.
Routing protocols such as BGP, IS-IS, OSPF, EIGRP, and RIPv2 provide a set of tools, such as routing protocol authentication, to help secure the routing infrastructure.
This topic will not go in depth into how each of the different routing protocols operates. Please refer to other Cisco courses for more information.
01:23:35 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24
01:23:36 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24
01:23:37 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24
01:23:38 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24
In the sample log above, the host at 192.168.1.2 is sending RIPv1 Requests to the broadcast address 255.255.255.255 on that segment. The Routing Information Protocol (RIP) is one of the oldest distance-vector routing protocols and uses UDP port 520 as its transport. RIPv1 has no support for router authentication.
While analyzing the logs, if you see many messages like the ones shown above, it is possible that an attacker is trying to perform a DoS attack to make the network resources unavailable. A malicious attacker can also spoof the source IP address and craft the same request type as above in order to form neighbors with nearby routers and get the complete routing information of the network. Once the network information is exposed, attackers may explore entire networks and perform large-scale attacks.
The log message can also be generated when a legitimate router sends a RIPv1 request. With routing protocol knowledge, a security analyst can recognize the circumstances that produce these types of log messages, and identify or correlate attacks on the network faster.
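One way to triage such log lines, as an added example that is not part of the original course text: it parses the tcpdump-style lines above and flags RIP Requests from sources outside an inventory of known routers, RIPv1 use (no authentication), and request bursts. The `known_routers` inventory, the thresholds, and the fifth sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Matches the tcpdump-style RIP lines shown in the log sample above.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}) IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (RIPv\d), (\w+), length: (\d+)$")

# First four lines are the page's sample; the last line is constructed.
SAMPLE_LOG = [
    "01:23:35 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24",
    "01:23:36 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24",
    "01:23:37 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24",
    "01:23:38 IP 192.168.1.2.520 > 255.255.255.255.520: RIPv1, Request, length: 24",
    "01:23:40 IP 192.168.1.1.520 > 224.0.0.9.520: RIPv2, Request, length: 24",
]

def parse(line):
    """Return a dict for one RIP line to UDP 520, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(7) != "520":
        return None
    h, mi, s = (int(x) for x in m.group(1, 2, 3))
    return {"t": h * 3600 + mi * 60 + s, "src": m.group(4),
            "version": m.group(8), "command": m.group(9)}

def find_rip_anomalies(lines, known_routers, max_requests=3, window_s=10):
    """Return (source, reason) pairs; assumes all lines fall on one day."""
    recent = defaultdict(deque)  # source -> request times inside the window
    alerts = []
    def alert(src, reason):
        if (src, reason) not in alerts:
            alerts.append((src, reason))
    for line in lines:
        ev = parse(line)
        if ev is None or ev["command"] != "Request":
            continue
        src, q = ev["src"], recent[ev["src"]]
        if src not in known_routers:       # not in the router inventory
            alert(src, "unknown-speaker")
        if ev["version"] == "RIPv1":       # RIPv1 cannot authenticate peers
            alert(src, "ripv1-no-auth")
        q.append(ev["t"])
        while q and ev["t"] - q[0] > window_s:
            q.popleft()
        if len(q) > max_requests:          # many requests in a short window
            alert(src, "request-burst")
    return alerts
```

A `request-burst` or `unknown-speaker` result is a lead to correlate with the router inventory, since a legitimate router can produce the same lines.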