Re: Cisco HSRP Weakness/DoS
From: bashis <bash () NS WCD SE>
Date: Sat, 5 May 2001 18:12:16 +0200
> b) what worries me about this method is that it is close to ideal for
> a man in the middle attack (take over default gw, rewrite source
> address to my own address, rewrite anything else in the packet, send
> to the real router).
It's really old news, this was already known in '98 when they wrote
RFC 2281 ( http://www.faqs.org/rfcs/rfc2281.html )
but nobody has talked about it in public,
except Cisco who is saying how good it is, to get a fault tolerant network..
Well, I'm not surprised that there are lots of ppl who don't know this,
so that's why I posted it to bugtraq, to make ppl aware of it..
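
Added example, not part of the original post: a monitoring check for the gateway takeover discussed above, which parses HSRP version 0 messages in the RFC 2281 layout and reports Coup or Active-state messages from senders that are not on a router allowlist. The addresses, the allowlist and the sample messages are constructed for illustration, and `build_sample` and `unexpected_claims` are hypothetical names.

```python
import struct

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}  # RFC 2281 op codes
ACTIVE = 16  # RFC 2281 state value: sender is forwarding for the virtual IP


def parse_hsrp(payload):
    """Parse the 20-byte HSRP version 0 message (UDP port 1985) per RFC 2281."""
    if len(payload) < 20:
        raise ValueError("short HSRP message")
    ver, op, state, _hello, _hold, prio, group, _rsvd, _auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0:
        raise ValueError("not HSRP version 0")
    return {"opcode": op, "state": state, "priority": prio, "group": group,
            "virtual_ip": ".".join(str(b) for b in vip)}


def unexpected_claims(packets, known_routers):
    """Report Coup or Active-state messages whose source is not an allowed router."""
    alerts = []
    for src, payload in packets:
        try:
            msg = parse_hsrp(payload)
        except ValueError:
            continue  # malformed or non-v0 traffic is skipped by this check
        claims_gateway = msg["opcode"] == 1 or msg["state"] == ACTIVE
        if claims_gateway and src not in known_routers:
            alerts.append((src, OPCODES.get(msg["opcode"], "unknown"),
                           msg["group"], msg["virtual_ip"]))
    return alerts


def build_sample(op, state, prio, group=1, vip=(192, 0, 2, 1)):
    """Build a constructed HSRP message (hellotime 3, holdtime 10) for the demo."""
    return struct.pack("!8B8s4s", 0, op, state, 3, 10, prio, group, 0,
                       b"cisco\0\0\0", bytes(vip))


# Constructed capture: (source IP, UDP payload). Documentation addresses only.
KNOWN = {"192.0.2.2", "192.0.2.3"}           # assumed legitimate HSRP routers
SAMPLE = [
    ("192.0.2.2", build_sample(0, 16, 110)),   # active router hello
    ("192.0.2.3", build_sample(0, 8, 100)),    # standby router hello
    ("192.0.2.77", build_sample(1, 4, 200)),   # Coup from an unlisted host
    ("192.0.2.77", build_sample(0, 16, 200)),  # same host now claims Active
    ("192.0.2.50", b"\x00\x00"),               # truncated datagram, ignored
]

if __name__ == "__main__":
    for alert in unexpected_claims(SAMPLE, KNOWN):
        print("unexpected HSRP claim:", alert)
```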