I'm testing the implementation of HSRP and VRRP. I would like to know how I can secure HSRP against this type of attack:
The 12.1.x IOS implementation of HSRP fails to check the IP address of the
phantom router against the IP address of the interface on which HSRP is
running when the IP is advertised from the remote host using IRPAS. This
results in a conflict over the IP address for the interface, bypassing
normal sanity checks.
An obvious DoS condition is created, since the phantom router can be
remotely given an IP address of a local interface through which packets
enter the Active router, thus leading to a loop.
The protocol is easily subverted by an active intruder on the LAN.
This can result in a packet black hole and a denial-of-service
attack.
Should I use IPsec? Is it more secure to use VRRP instead of HSRP?