Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
1
Replies

How to secure hsrp

p.tournier
Level 1
Level 1

‎06-20-2002 12:01 AM - edited ‎03-08-2019 11:03 PM

I'm testing the implementation of HSRP and VRRP, I would like to know how can I secure hrsp against this this type attack :

The 12.1.x IOS implementation of HSRP fails to check the IP address of the

phantom router against the IP address of the interface on which HSRP is

running when the IP is advertised from the remote host using IRPAS. This

results in a conflict over the IP address for the interface, bypassing

normal sanity checks.

An obvious DoS condition is created, since the phantom router can be

remotely given an IP address of a local interface through which packets

enter the Active router, thus leading to a loop.

The protocol is easily subverted by an active intruder on the LAN.

This can result in a packet black hole and a denial-of-service

attack.

Should I use IPSEC ? it is more secure to use VRRP instead of HSRP ?

Labels:
0 Helpful
1 Reply 1

ciscomoderator
Community Manager
Community Manager

‎06-26-2002 08:36 AM

Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents