Vulnerability on some routing protocols
Creation time: 2001-03-03
Article attribute: original
Article submission: Xundi (xundi_at_xfocus.org)
By Xundi
Xundi@xfocus.org
http://www.xfocus.org 2001-03-01
This article discusses opportunities for attacking, and ways of defending, the protocols that underlie the network, in particular the vulnerabilities of routing protocols such as the Routing Information Protocol (RIP), the Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF).
Routers play a key role in every network. If a router is destroyed or successfully spoofed, the integrity of the network is severely damaged. It is more serious still if the hosts that rely on the route do not use encrypted communication, because once such a host's traffic is controlled the result can be man-in-the-middle attacks, denial-of-service attacks, data loss, damage to network integrity, and sniffing of information.
Routing is a huge and complex topic, so I only touch on part of it here, and my own level is limited. Thank you for everyone's suggestions.
============================================================
About some very common router security issues
Routers of all kinds have a variety of well-known security issues, including those of network infrastructure vendors such as Cisco and Livingston. The following address collects a large number of these vulnerabilities:
http://www.ndion.com/cgi-bin/anticode/anticode.pl?dir=Router-Exploits
Most of the vulnerabilities collected at that address are not related to the routing protocol level. They stem from misconfiguration, incorrect handling of IP packets, default SNMP community name strings, weak passwords, or encryption algorithms that are not strong enough. A standard NIDS can generally detect some of these attacks. Attacks of this type weaken the lower layers of the network to some degree, and they can be combined with attacks on higher-layer protocols.
Correct configuration management deals with many common vulnerabilities. The standard measures are: do not use SNMP (or choose a strong password), keep patches up to date, maintain access control lists correctly, apply ingress and egress filtering, use firewalls, encrypt management channels and passwords, apply route filtering, and use MD5 authentication. Before applying these measures you must of course understand what each security rule means and which services it affects.
============================================================
Development of detection systems for defending the low-level network infrastructure
A recent development project in network protection is an IDS called JiNao. Related material can be found at the address below:
http://www.nr.mcnc.org/projects/jinao/jinao.html
JiNao was initiated by DARPA and is now a cooperative research project developed jointly by MCNC and North Carolina University. On FreeBSD and Linux JiNao runs in online mode (using divert sockets), and on Solaris it runs in offline mode. It has been tested in 3 networks (MCNC, NCSU and the AF/Rome laboratory) that combine PCs (operating systems) and commercial routers. The test results show that it can successfully defend against multiple types of low-level network attacks and detect them with high accuracy.
Currently JiNao's research concentrates on the Open Shortest Path First (OSPF) protocol, and eventually JiNao will be extended to other protocols. JiNao points out that attack defense and intrusion detection will be integrated into network management, so JiNao is now moving toward a combination of network firewall, intrusion detection system and network management system.
Another tool that can analyze high-level protocols is Agilent Advisor (a network analysis tool from http://onenetworks.comms.agilent.com/). It supports multiple routing protocols and custom filters for detecting various kinds of abnormal behavior.
============================================================
Some tools that work on routing protocols
-------------------------------
Linux divert sockets are described as follows: "Divert sockets make it possible to capture and inject IP packets on an end host as well as on a router. Capture and injection take place at the IP layer. Captured packets are diverted to a socket in user space, so they do not reach their final destination unless the user-space socket reinjects them. Between capture and reinjection, various operations (such as routing and firewalling) can be carried out outside the operating system kernel." (http://www.nr.mcnc.org/~divert/)
Put simply, a divert socket lets a user-space program process IP packets that are in the kernel. Divert sockets were first used in FreeBSD, where NAT, for example, is an application of divert sockets. They make program development easy because the packets are processed at user level, and handling the packets is also efficient because they are taken directly from the kernel.
More about divert sockets can be found at the following address:
http://www.nr.mcnc.org/~divert/
Divert sockets were, as noted, first implemented in FreeBSD. They have now been ported to Linux and are used as part of the JiNao IDS project.
------------------------------
Another tool, the Nemesis Packet Injection Suite, is a more powerful network and security tool developed by Obecian. It is available at the following address:
http://www.packetninja.net
The latest version, Nemesis-1.1, was released on June 24, 2000. Nemesis is a command-line "Unix network packet injection suite" and a good tool for testing firewalls, intrusion detection systems, routers and other network environments. It can be used by attackers and by authorized penetration testers to examine network security at both the host and the network level. There is also an evolution of Nemesis called Intravenous, released on 11/30/00. Intravenous appears to carry all the basic functions of Nemesis; the difference is that it contains an artificial intelligence engine. More information about Intravenous can be found on the packetninja.net site.
----------------------------
IRPAS, the Internetwork Routing Protocol Attack Suite, written by FX, can be found at the following site:
http://www.phenoelit.de/irPas/
IRPAS contains a variety of command-line tools that work at the protocol layers used in Cisco routing environments. It includes these commands:
CDP - sends Cisco Router Discovery Protocol (CDP) messages;
IGRP - inserts Interior Gateway Routing Protocol (IGRP) messages;
IRDP - sends ICMP Router Discovery Protocol (IRDP) messages;
IrdResponder - responds to IRDP requests with carefully crafted packets;
ASS - Autonomous System Scanner (the version currently available for download only supports IGRP).
A word on autonomous systems: an autonomous system, usually called an AS, is simply a set of internal routers that use a common protocol to exchange internal network information; more directly, these routers exchange information among themselves. The opposite is the external router we usually hear about, such as the router at a typical telecommunications node. A typical AS uses a single routing protocol to generate and propagate routing information within its boundary. ASS is similar to a TCP port scanner, except that it targets autonomous systems. When scanning with ASS, if an autonomous system answers, all the routing information in that routing process is returned.
The IRPAS website also contains a document about Generic Routing Encapsulation (GRE), in which a GRE vulnerability allows an external attacker to bypass NAT and compromise an internal RFC1918 network through a VPN. This document is available at the address below:
http://www.phenoelit.de/irPas/gre.html
Other sections of the site contain more information and the attack strategies that IRPAS makes possible.
FX, the developer of IRPAS, sent a sample showing how to use the new ASS version 2.14 (not yet released) to scan for the AS, and then how to use IGRP with the information ASS returned (AS #10 and other data) to insert a spoofed route to 222.222.222.0/24. Although IGRP is not widely used at present, the example is a good one. Below is the result of FX's test:
test# ./ass -ma -i eth0 -d 192.168.1.10 -b15 -v
(Here -i is the interface, -d is the destination address, and -b15 refers to autonomous systems 0 to 15.)
ASS [Autonomous System Scanner] $Revision: 2.14 $
(c) 2k FX
Phenoelit (http://www.phenoelit.de)
No protocols selected; scanning all
Running scan with:
Interface eth0
Autonomous Systems 0 to 15
Delay is 1
In Active Mode
Building Target List ...
192.168.1.10 is alive
Scanning ...
Scanning IGRP on 192.168.1.10
Scanning IRDP on 192.168.1.10
Scanning RIPv1 on 192.168.1.10
Shutdown ...
OK, this gives the following results:
>>>>>>>>>>>> RESULTS >>>>>>>>>>>
192.168.1.10
IGRP
#AS 00010 10.0.0.0 (50000, 1111111, 1476, 255, 1, 0)
IRDP
192.168.1.10 (1800, 0)
192.168.9.99 (1800, 0)
RIPv1
10.0.0.0 (1)
test# ./igrp -i eth0 -f routes.txt -a 10 -s 192.168.1.254 -d 192.168.1.10
The routes.txt file here is one you have to supply yourself:
routes.txt:
# Format
# destination:delay:bandwith:mtu:reliability:load:hopcount
222.222.222.0:500:1:1500:255:1:1:0
cisco# sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
U - per-user static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/30 is directly connected, Tunnel0
S 10.0.0.0/8 is directly connected, Tunnel0
C 192.168.9.0/24 is directly connected, Ethernet0
C 192.168.1.0/24 is directly connected, Ethernet0
I 222.222.222.0/24 [100/1600] via 192.168.1.254, 00:00:05, Ethernet0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
As you can see, 222.222.222.0/24 is now reached via 192.168.1.254.
-----------------------------
Rprobe & Srip - these tools accompany a guide to RIP spoofing (written by Humble), which can be found at the address below:
http://www.technotronic.com/horizon/ripar.txt
The rprobe tool requests a copy of the RIP routing table from a remote router; tcpdump or any other sniffing tool can be used to capture the results. Next, srip can be used to send forged RIPv1 or RIPv2 messages from an arbitrary source IP. Srip can insert new routes and invalidate current ones, although the attacker or penetration tester needs to know which command-line parameters to use. Examples of these tools in use can be found in the Network Devices chapter of Hacking Exposed, Second Edition.
------------------------------
Other tools related to routing protocols can of course also be used by attackers or penetration testers, such as routed, gated, zebra, mrt and gasp; see their own documentation.
============================================================
Below is a brief description of the various protocols, their related vulnerabilities, and the defensive measures that can be used.
Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) is a distance-vector routing protocol in which every route is measured in hops. An Autonomous System (AS) is a system under common administration consisting of hosts, routers and other network devices. RIP is an Interior Gateway Protocol, that is, it performs routing within an autonomous system. In contrast, the familiar exterior gateway routing protocols, such as the Border Gateway Protocol (BGP), route between different autonomous systems. RIP is not a good choice for large networks because it supports only 15 hops. RIPv1 can only communicate its own related routing information, whereas RIPv2 can also communicate that of other routers. RIP works together with other routing protocols; according to Cisco, RIP is often used in association with OSPF, although many point out that OSPF should replace RIP.
Note that routes submitted through RIP updates can be redistributed by other routing protocols. If an attacker can inject a route into the network through RIP, and that route is then redistributed without verification by other protocols such as OSPF or BGP, the attack is extended.
Vulnerabilities and prevention measures related to the RIP protocol
A tester or an attacker can determine whether RIP is in use by checking UDP port 520 with a familiar tool such as nmap. In the example below, the port is open and is not protected by access control or by any type of filter:
[root@test]# nmap -sU -p 520 -v router.ip.address.2
Interesting ports on (router.ip.address.2):
Port State Service
520/udp open route
Scans of UDP port 520 rank 7th in the "Top 10 Target Ports" at http://www.dshield.org/, which shows that many people are scanning for RIP. This is certainly associated with the growing number of routing tools.
RIPv1 is inherently insecure because it uses no authentication mechanism and is carried over unreliable UDP. The RIPv2 packet format contains an option for either a plaintext password string of 16 characters (which can therefore be sniffed) or an MD5 signature. Although RIP packets can be forged, using MD5 signatures in RIPv2 makes spoofing much more difficult. One tool of this kind is the RIP command in the Nemesis project, nemesis-rip, but because it has many command-line options and requires the necessary knowledge, nemesis-rip is relatively hard for script kiddies to use. Carrying out an effective RIP spoof with nemesis-rip or a similar tool takes a considerable level of knowledge. However, Chapter 10 (Network Devices) of "Hacking Exposed", Second Edition mentions tools that make RIP spoofing easier: rprobe to obtain the remote network's RIP routing table, standard tcpdump or another sniffing tool to view the routing table, srip to forge RIP packets (v1 or v2), fragrouter to redirect the route to a host under the attacker's control, and tools such as dsniff to finally collect plaintext passwords from the traffic.
Although spoofing is known to be relatively easy, some large network providers still rely on RIP for some routing functions, and I do not know whether they use it securely. RIP is clearly still in use, but I hope that few people use RIPv1, and that they use RIPv2 with the MD5 security mechanism, or have migrated to OSPF with MD5 authentication, to improve security.
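The following added example (not part of the original article) parses the UDP payload of a RIP message and grades it by the three cases described above: RIPv1 with no authentication field, RIPv2 with the 16-byte plaintext password, and RIPv2 with keyed MD5. The function names, verdict strings and sample packets are constructed for this illustration.

```python
import socket
import struct

AUTH_AFI = 0xFFFF    # address-family value that marks an authentication entry
AUTH_PLAINTEXT = 2   # RIPv2 simple password: 16 cleartext bytes
AUTH_MD5 = 3         # RIPv2 keyed MD5 (RFC 2082)
VERDICTS = {
    "none": "FAIL: RIPv2 sent without authentication",
    "plaintext": "WARN: RIPv2 password is readable by any sniffer",
    "md5": "OK: RIPv2 keyed MD5",
    "unknown": "WARN: unrecognised authentication type",
}


def classify_rip(payload: bytes) -> dict:
    """Parse the UDP payload of a RIP message (port 520) and grade its authentication."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("not a well-formed RIP message")
    command, version = payload[0], payload[1]
    if version not in (1, 2):
        raise ValueError("unsupported RIP version %d" % version)
    auth, routes = "none", []
    for offset in range(4, len(payload), 20):
        entry = payload[offset:offset + 20]
        afi, tag = struct.unpack("!HH", entry[:4])
        if version == 2 and afi == AUTH_AFI:
            # Only the first entry declares the authentication type; a later
            # 0xFFFF entry is the MD5 trailer that carries the digest.
            if offset == 4:
                auth = {AUTH_PLAINTEXT: "plaintext", AUTH_MD5: "md5"}.get(tag, "unknown")
            continue
        addr, _mask, _next_hop, metric = struct.unpack("!4s4s4sI", entry[4:])
        routes.append((socket.inet_ntoa(addr), metric))
    verdict = "FAIL: RIPv1 has no authentication field" if version == 1 else VERDICTS[auth]
    return {"command": command, "version": version, "auth": auth,
            "routes": routes, "verdict": verdict}


def make_entry(afi, tag, addr="0.0.0.0", mask="0.0.0.0", metric=0):
    """Build one 20-byte RIP entry for the constructed samples below."""
    return struct.pack("!HH4s4s4sI", afi, tag, socket.inet_aton(addr),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


# Constructed sample responses (command 2), not captured traffic.
ROUTE = make_entry(2, 0, "10.0.0.0", "255.0.0.0", 1)
SAMPLES = {
    "v1": b"\x02\x01\x00\x00" + make_entry(2, 0, "10.0.0.0", metric=1),
    "v2_open": b"\x02\x02\x00\x00" + ROUTE,
    "v2_plain": b"\x02\x02\x00\x00"
                + struct.pack("!HH16s", AUTH_AFI, AUTH_PLAINTEXT, b"constructed-pw") + ROUTE,
    "v2_md5": b"\x02\x02\x00\x00"
              + struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_MD5, 44, 1, 16, 7) + ROUTE
              + struct.pack("!HH16s", AUTH_AFI, 1, bytes(16)),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(name, classify_rip(packet)["verdict"])
```

The check only reports which authentication type a message declares; it does not verify the MD5 digest, which requires the shared key.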
Border Gateway Protocol (BGP)
BGP is an Exterior Gateway Protocol (EGP) that routes between autonomous systems. BGP4 is currently the prevailing standard. BGP uses several message types; the one most relevant to this article is the UPDATE message, which carries routing table updates. Most of the global Internet relies on BGP, so its security problems must be treated very seriously. L0pht has claimed that they could bring down the entire Internet in a short time by exploiting the security of routing protocols such as BGP.
BGP protocol related vulnerabilities and prevention measures
BGP communicates over TCP port 179, so nmap must probe TCP port 179 to determine whether BGP is present.
[root@test]# nmap -sS -p 179 -v router.ip.address.2
Interesting ports on (router.ip.address.2):
Port State Service
179/tcp open bgp
- An open BGP port is easier to attack.
[root@test]# nmap -sS -n -p 179 router.ip.address.6
Interesting ports on (router.ip.address.6):
Port State Service
179/tcp filtered bgp
- The BGP port is filtered, which gives some resistance to attack.
Because BGP uses TCP as its transport, it inherits many TCP problems, such as the very common SYN flood attack, sequence number prediction and general denial-of-service attacks. BGP does not use sequence numbers of its own and relies on TCP's sequence numbers instead, so a device that uses a predictable sequence number scheme is exposed to this type of attack. Fortunately, most of the important routers on the Internet are Cisco devices, which do not use a predictable sequence number scheme.
Some BGP implementations use no authentication mechanism by default, and some may have the same problem as RIP, namely plaintext passwords. If the authentication scheme is not strong enough, an attacker has a better chance of sending UPDATE messages that modify the routing table remotely, causing further damage.
BGP can also propagate forged routing information if an attacker can modify or insert routing information through a protocol such as RIP that is then redistributed by BGP. This flaw lies in the trust model rather than in the protocol itself. In addition, BGP community configuration is open to some types of attack, because in some cases the community name is accepted as a trust token.
As for attacks through BGP's underlying transport, they appear to be more difficult, because the session runs point-to-point over a separate physical line. In some environments, however, for example where two AS systems are connected through a switch, TCP insertion attacks are possible. In such a network, an attacker who is in the same VLAN or who is able to sniff the switch's traffic (for example through ARP spoofing with a tool such as dsniff) can monitor TCP sequence numbers, insert modified packets, or hijack the connection with a tool such as hunt. This type of attack is generally only easy in a laboratory environment; in a real network it is too complicated to succeed easily.
To make BGP more secure, it is best to control access to port 179 with access lists, use MD5 authentication, use a secure transport medium for BGP communication, and apply route filtering (see the following document:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cbgp.htm#40309) together with standard, securely configured route filters.
------------------------------
Open Shortest Path First (OSPF)
OSPF is a dynamic link-state routing protocol. It maintains a dynamic routing table of the entire network and uses this table to determine the shortest paths through the network. OSPF is an interior link-state routing protocol that works by sending link-state advertisements (LSAs) to peer nodes; when a router receives this information, it can calculate the shortest path to each node with the SPF algorithm. Neighboring routers use OSPF's Hello protocol to send a hello packet to 224.0.0.5 every 10 seconds and then receive the information these routers send back. An OSPF hello header can be sniffed with iptraf, as shown below:
OSPF hlo (a=3479025376 r=192.168.19.35) (64 bytes) from 192.168.253.67 to 224.0.0.5 on eth0
The border router 192.168.253.67 sends a hello packet to the multicast address (224.0.0.5) to tell other routers and hosts how to reach area a (a=3479025376) from 192.168.19.35.
Once a router accepts the hello packet, it starts to synchronize its database with the other routers.
An LSA header includes the following parts: LS Age, Options, LS Type, Link State ID, Advertising Router ID, LS Sequence Number, LS Checksum, and Length.
OSPF protocol related vulnerabilities and prevention measures
OSPF uses IP protocol type 89, so an nmap protocol scan can be used to detect OSPF, unless the network uses access lists so that it does not respond to this type of query. For example:
[root@test]# nmap -sO router.ip.address.252
Interesting protocols on (router.ip.address.252):
Protocol State Name
89 open ospfigp
OSPF is much more secure than RIP because it has several built-in security mechanisms, but several fields of an LSA can still be modified by capturing and reinjecting OSPF packets. The JiNao group developed a Linux implementation of FreeBSD divert sockets and used it in their tests.
OSPF can be configured with no authentication mechanism, with cleartext password authentication, or with MD5. So if attackers gain a certain degree of access, for example if they can use a tool such as dsniff to monitor OSPF packets and obtain the cleartext password, they can run divert sockets or various ARP spoofing tools to redirect traffic.
The JiNao team found 4 denial-of-service attack methods against OSPF, described briefly below:
- Max Age attack. The maximum age of an LSA is one hour (3600).
The attacker sends LSA packets with the age set to MaxAge, so the originating router generates a refresh to re-send this LSA, and contention follows over the abruptly changing age field. If the attacker keeps inserting packets with the maximum value, the network becomes confused and a denial of service results.
- Sequence attack. The attacker keeps inserting LSA packets with a larger LS sequence number. According to the OSPF RFC, the LS sequence number field is used to determine whether an LSA is old or a duplicate, and a larger sequence number indicates a newer LSA. So when the attacker keeps inserting LSA packets with larger sequence numbers, the originating router generates and sends its own updated LSA with a sequence number that exceeds the attacker's, and the two compete. This makes the network unstable and results in a denial of service.
- Maximum sequence number attack.
The attacker inserts the maximum sequence number 0x7FFFFFFF. According to the OSPF RFC, when the maximum sequence number would be exceeded, the LSA must first be flushed from the routing domain and then re-originated with InitialSequenceNumber. So if the attacker inserts an LSA carrying the maximum sequence number for a router, re-initialization is triggered, which in theory leads immediately to contention with the originating router. In practice, however, JiNao found that in some cases the LSA with MaxSeq (the maximum sequence number) is not cleared but is held in the link-state database for an hour.
- Forged LSA attack.
This attack is mainly caused by a bug in the gated daemon; recovery requires all gated processes to be stopped and restarted. The forged, incorrect LSA produces the denial of service. This attack does not affect hardware routers and has no effect on newer versions of gated.
Some of the information above can be found in http://www.ietf.org/rfc/rfc2328.txt and in JiNao's analysis of OSPF vulnerabilities, "On the Vulnerabilities and Protection of OSPF Routing Protocol" (http://www.nr.mcnc.org/projects/jinao/ic3n98.ps).
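As an added example (not from the original article or from the JiNao project), the sketch below decodes the 20-byte LSA header whose fields are listed earlier and flags the first three conditions described above: an LSA that reaches MaxAge long before its time, a sequence number that leaps ahead, and MaxSequenceNumber itself. The thresholds AGE_SLACK and MAX_SEQ_STEP, the alert names and the sample timeline are assumptions made for the illustration.

```python
import socket
import struct

MAX_AGE = 3600          # MaxAge from RFC 2328, in seconds
MAX_SEQ = 0x7FFFFFFF    # MaxSequenceNumber from RFC 2328
AGE_SLACK = 60          # assumed tolerance for transit delay and clock skew
MAX_SEQ_STEP = 1        # assumed largest normal step between observed instances
LSA_HEADER = struct.Struct("!HBB4s4siHH")   # 20 bytes; sequence number is signed


def parse_lsa_header(raw: bytes) -> dict:
    """Decode the LSA header fields listed in the article."""
    if len(raw) < LSA_HEADER.size:
        raise ValueError("LSA header is 20 bytes")
    age, options, ls_type, ls_id, adv, seq, checksum, length = LSA_HEADER.unpack(
        raw[:LSA_HEADER.size])
    return {"age": age & 0x7FFF,   # top bit is the DoNotAge flag, not part of the age
            "options": options, "type": ls_type,
            "link_state_id": socket.inet_ntoa(ls_id),
            "adv_router": socket.inet_ntoa(adv),
            "seq": seq, "checksum": checksum, "length": length}


class LsaMonitor:
    """Tracks the last instance seen of each LSA and flags suspicious successors."""

    def __init__(self):
        self.last = {}   # (type, link_state_id, adv_router) -> (seq, age, seen_at)

    def observe(self, raw: bytes, now: float) -> list:
        lsa = parse_lsa_header(raw)
        key = (lsa["type"], lsa["link_state_id"], lsa["adv_router"])
        alerts = []
        if lsa["seq"] == MAX_SEQ:
            alerts.append("MAX_SEQUENCE")
        if key in self.last:
            prev_seq, prev_age, prev_time = self.last[key]
            expected_age = prev_age + (now - prev_time)
            if lsa["age"] >= MAX_AGE and expected_age + AGE_SLACK < MAX_AGE:
                alerts.append("PREMATURE_MAXAGE")
            if lsa["seq"] - prev_seq > MAX_SEQ_STEP:
                alerts.append("SEQ_JUMP")
        self.last[key] = (lsa["seq"], lsa["age"], now)
        return alerts


def make_lsa(age, seq, adv="10.0.0.1"):
    """Build a constructed router-LSA header (checksum left at 0, not verified here)."""
    return struct.pack("!HBB4s4sIHH", age, 0x02, 1, socket.inet_aton(adv),
                       socket.inet_aton(adv), seq, 0, 36)


# Constructed timeline (seconds, header) for one router LSA.
TIMELINE = [
    (0, make_lsa(10, 0x80000005)),     # normal instance
    (30, make_lsa(3600, 0x80000005)),  # aged out 30 s later
    (35, make_lsa(0, 0x80000006)),     # originator re-floods
    (40, make_lsa(1, 0x80000106)),     # sequence leaps by 256
    (45, make_lsa(1, 0x7FFFFFFF)),     # MaxSequenceNumber
]


def replay(timeline):
    """Feed a timeline through a fresh monitor and return the alerts per step."""
    monitor = LsaMonitor()
    return [monitor.observe(raw, t) for t, raw in timeline]


if __name__ == "__main__":
    for (t, _), alerts in zip(TIMELINE, replay(TIMELINE)):
        print(t, alerts or "ok")
```

A router may legitimately flush its own LSA by ageing it prematurely, so PREMATURE_MAXAGE is an indicator to correlate with repetition and source, not proof of an attack.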
Nemesis-OSPF can generate the above attacks against the OSPF protocol, but because nemesis-ospf has so many options and requires a detailed understanding of OSPF, it is difficult for ordinary attackers and administrators to carry out these attacks with it. It is also said that nemesis-ospf does not always work properly, which limits the value of the tool.
OSPF authentication requires a key exchange: each router must pass the key back and forth to authenticate itself and to try to pass OSPF messages. In the default configuration hello packets pass between routers every 10 seconds, which gives an attacker more opportunities to steal this key. If an attacker can eavesdrop on the network and obtain the key, OSPF packets can be forged and, more seriously, the forged OSPF packets can be used for redirection. Such attacks are rare, of course, not only because they are difficult but, more importantly, because other, easier security vulnerabilities are available, and attackers go for the easiest target first.
It is recommended that a host that does not need dynamic routing use static routes; most hosts can do their job with static routes. Using a dynamic routing protocol exposes a host to attack; for example, problems were found in the gated software a few years ago.
-------------------------
About using IRPAS to attack CDP and IRDP
The IRPAS CDP program mainly sends Cisco Router Discovery Protocol messages to Cisco routers to cause a denial of service on the internal network segment; sending garbage characters can cause the router to reboot or crash. It can also serve as a spoofing aid that opens the door for other, more dangerous programs. One possible attack scenario: the router is taken out of service with CDP, and then the IRDP or IrdResponder tool is used to send advertisements with a high preference value that announce a new router. If the target router can no longer provide service because of the denial-of-service attack, the new router with the high preference value is adopted. If the value set by the attacker is accepted, the attacker can easily insert a system into the communication path.
This type of attack also applies to hosts that use the IRDP protocol. For example, Windows 98 uses IRDP in its default configuration, while WinNT needs to be configured manually to support IRDP, and they broadcast 3 ICMP Router Solicitation messages at startup. L0pht has a detailed description of the vulnerability on Windows and Sun machines, which can be found at the following address:
http://www.l0pht.com/advisories/rdp.txt
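The scenario above depends on hosts accepting a router advertisement from an unknown address with a high preference value. The added example below (not part of the original article or of IRPAS) parses an ICMP router advertisement and compares the advertised routers with an allow-list; the function names and alert labels are constructed, and reading the ASS output pairs "(1800, 0)" as lifetime and preference is an assumption.

```python
import socket
import struct

ICMP_ROUTER_ADVERT = 9   # ICMP type of a router advertisement (RFC 1256)


def icmp_checksum(data: bytes) -> int:
    """Internet checksum; returns 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_router_advert(icmp: bytes):
    """Return (lifetime, [(router_address, preference), ...]) from an ICMP message."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _cksum, count, words, lifetime = struct.unpack("!BBHBBH", icmp[:8])
    if icmp_type != ICMP_ROUTER_ADVERT:
        raise ValueError("not a router advertisement")
    if words < 2 or len(icmp) < 8 + count * words * 4:
        raise ValueError("malformed address list")
    if icmp_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    routers = []
    for i in range(count):
        start = 8 + i * words * 4
        addr, preference = struct.unpack("!4si", icmp[start:start + 8])
        routers.append((socket.inet_ntoa(addr), preference))
    return lifetime, routers


def check_advert(icmp: bytes, known: dict) -> list:
    """Compare advertised routers with an allow-list {address: expected preference}."""
    _lifetime, routers = parse_router_advert(icmp)
    best_known = max(known.values(), default=-2**31)
    alerts = []
    for addr, preference in routers:
        if addr not in known:
            # An unlisted router that outranks every known one would win selection.
            kind = "ROGUE_PREFERRED" if preference > best_known else "ROGUE_ROUTER"
            alerts.append((kind, addr, preference))
        elif preference != known[addr]:
            alerts.append(("PREFERENCE_CHANGED", addr, preference))
    return alerts


def make_advert(routers, lifetime=1800):
    """Build a constructed advertisement so the checks run without a capture."""
    body = b"".join(struct.pack("!4si", socket.inet_aton(a), p) for a, p in routers)
    head = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, 0, len(routers), 2, lifetime)
    cksum = icmp_checksum(head + body)
    return struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, cksum,
                       len(routers), 2, lifetime) + body


# Allow-list taken from the IRDP lines of the ASS output earlier in the article.
KNOWN_ROUTERS = {"192.168.1.10": 0, "192.168.9.99": 0}
# Constructed samples: one expected advertisement, one from an unlisted address.
LEGIT = make_advert([("192.168.1.10", 0), ("192.168.9.99", 0)])
ROGUE = make_advert([("192.168.1.77", 1000)])

if __name__ == "__main__":
    print("legit:", check_advert(LEGIT, KNOWN_ROUTERS))
    print("rogue:", check_advert(ROGUE, KNOWN_ROUTERS))
```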
============================================================
Computer networks such as the Internet depend to a large extent on the correct handling of routing protocols; domestically, when some routing is abnormal, it is largely because routing has not been handled well. The security of routing protocols is therefore particularly important. Attacks on routing protocols are not yet common, and I have rarely seen them written about (I do not know whether that is because people are unaware of them or for other reasons; I hope this rough piece draws out better work from others), but with tools such as Nemesis and IRPAS, and with research on protecting the lower layers of the network, attacks on routing protocols become easier to understand.
============================================================
Here are some references about routing protocols (I hope that you can read through them):
Antionline's vulnerability information. URL:
http://www.ndion.com/cgi-bin/anticode/anticode.pl?dir=Router-Exploits
Cisco Systems. "Improving Security on Cisco Routers". URL:
http://www.cisco.com/warp/public/707/21.html
Convery, Sean (CCIE #4232) and Trudel, Bernie (CCIE #1884). "SAFE: A Security Blueprint for Enterprise Networks". URL:
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm
Frank Jou, Y. "Scalable Intrusion Detection for the Emerging Network Infrastructure". URL:
http://www.nr.mcnc.org/projects/jinao/jinao.html
Prue, Walt. "Re: Some Abuse Detection Hacks". NANOG list. (Mon, 9 Mar 1998). URL:
http://www.cctec.com/mailists/nanog/historical/9803/msg00035.html
"Divert Sockets for Linux". URL:
http://www.nr.mcnc.org/~divert/
Obecian. "The next". URL:
http://www.packetninja.net/nemesis
"IRPAS - Internetwork Routing Protocol Attack Suite". URL:
http://www.phenoelit.de/irpas/
"Spoofing RIP (Routing Information Protocol)". URL:
http://www.technotronic.com/horizon/ripar.txt
Cisco Press. "Routing Information Protocol". (8 Dec 1999). URL:
http://www.cisco.com/cpress/cc/td/cpress/fund/ith2nd/it2444.htm
Rekhter, Y. "A Border Gateway Protocol 4 (BGP-4)". Request for Comments 1771. (Mar 1995). URL:
http://www.isi.edu/in-notes/rcf1771.txt
Moy, J. "OSPF Version 2". Request for Comments 1583. (March 1994). URL:
http://www.isi.edu/in-notes/rfc1583.txt
Cisco Press. "Designing & Implementing an OSPF Network". (2 Aug 2000). URL:
http://www.cisco.com/cpress/cc/td/cpress/design/ospf/on0407.htm#xtocid1636554
"RIP and OSPF Redistribution". (12 May 2000). URL:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs001.htm
Grefer, Roland. "Re: Anyone Know What IP Protocol #54 Is?". SANS Institute Global Incident Analysis Center, Detects Analyzed 11/10/00. (10 Nov 2000). URL:
http://www.sans.org/y2k/111000.htm
"Protocol Numbers". URL:
http://www.isi.edu/in-notes/iana/assignments/protocol-numbers
Ahmad, Dave & Rauch, Jeremey. "Routers, Switches & More: The Glue That Binds Them All Together". Black Hat Briefings 2000, Las Vegas USA. (26 July 2000). URL:
http://www.blackhat.com/html/bh-multi-media-archives.html
Batz. "Security Issues Affecting Internet Transit Points and Backbone Providers". Black Hat Briefings 1999, Las Vegas. (7-8 July 1999). URL:
http://www.blackhat.com/html/bh-multi-media-archives.html
Oquendo, J. "Theories in DoS". URL:
http://www.antioffline.com/tid/
"L0pht Security Advisory". (11 August 1999). URL:
http://www.l0pht.com/advisories/rdp.txt
OSPF Version 2 RFC. URL:
http://www.ietf.org/rfc/rfc2328.txt