Re: getting routes from internet facing routers

Thanks for the reply Chris. Having re-read my original e-mail I see I
woreded it really badly :-( The part from my original mail I'm
actually interested in is this line:

I've also heard that it's possible to get routes from a router/firewall facing the public domain without having to login to it

In other words, that potential hackers can start to build a diagram of
my network by sending crafted packets to my internet facing router and
seeing what private IP routes (ie 10.0.0.0, 192.168 etc etc) routes
lie inside.

I've googled this and found nothing. Do you (or anybody else) have
any ideas how to get these routes out when you don't have access to
the router ? Is it by using ICMP ?

Also, is it possible to "extract" routes from an internet facing
router regardless of what routing protocol it's running, or even if
it's running just static routing ?

Hope I've explained myself better this time ?

M

2009/7/21 Chris <cweindel@xxxxxxxxx>:
If you're routing with BGP, you can filter it by blocking port 179.  all
ICMP does it block those types of packets - it won't help you block
advertised routes.

of course, the ultimate externally facing router is in front of a firewall /
in a DMZ...

C

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Quantcast