A really interesting talk by Szymon Ziolkowski and Tyron Kemp of SensePost, presented at Black Hat USA 2020.



During their engagements, the researchers found various networks vulnerable to insecure, misconfigured, and often overlooked networking protocols, including dynamic routing protocols (referred to as DRPs) and first hop redundancy protocols (referred to as FHRPs).

We decided to focus on these two classes of networking protocols to manipulate traffic flows and identify non-conventional ways of performing Person-in-the-Middle (PitM) attacks. This post details the results of that research and the tool we wrote to explore this attack surface.

The tool is called Routopsy and is available on GitHub [2]:

Routopsy is a toolkit built to attack often overlooked networking protocols. Routopsy currently supports attacks against Dynamic Routing Protocols (DRP) and First-Hop Redundancy Protocols (FHRP). Most of the attacks currently implemented make use of a weaponised 'virtual router' as opposed to implementing protocols from scratch. The tooling is not limited to the virtual routers, and allows for further attacks to be implemented in python3 or by adding additional containers.

The whole article is available on the SensePost website [3], and some technical details are also available on the Black Hat website [4].


References

  1. Black Hat USA 2020
  2. https://github.com/sensepost/routopsy
  3. Routopsy – Hacking Routing with Routers
  4. Routopsy: Modern Routing Protocol Vulnerability Analysis and Exploitation