RIP路由欺骗攻击与防御实验详解

发布于:2025-03-21 ⋅ 阅读:(30) ⋅ 点赞:(0)

一、基础网络配置

1. 路由器R1配置

interface GigabitEthernet0/0/0
 ip address 192.1.2.254 255.255.255.0
!
interface GigabitEthernet0/0/1
 ip address 192.1.3.254 255.255.255.0
!
router rip 1
 version 2
 network 192.1.2.0
 network 192.1.3.0

2. 路由器R2配置

interface GigabitEthernet0/0/0
 ip address 192.1.3.253 255.255.255.0
!
interface GigabitEthernet0/0/1
 ip address 192.1.4.254 255.255.255.0
!
router rip 1
 version 2
 network 192.1.3.0
 network 192.1.4.0

3. 路由器R3配置

interface GigabitEthernet0/0/0
 ip address 192.1.4.253 255.255.255.0
!
interface GigabitEthernet0/0/1
 ip address 192.1.5.254 255.255.255.0
!
router rip 1
 version 2
 network 192.1.4.0
 network 192.1.5.0

验证通信

PC> ping 192.1.5.2  # 应获得100%成功率

二、路由欺骗攻击实施

入侵路由器配置

interface GigabitEthernet0/0/0
 ip address 192.1.3.252 255.255.255.0
!
router rip 1
 version 2
 network 192.1.3.0

攻击特征

  • 发送伪造路由更新:192.1.5.0/24 metric=1
  • 通过Wireshark抓包可见恶意RIP响应: 
    Source: 192.1.3.252
Destination: 224.0.0.9
RIP Response:
  - 192.1.5.0/24 Metric=1

路由表污染验证

R1# show ip route
RIP  192.1.5.0/24 [120/1] via 192.1.3.252  # 正确路由应显示metric=2

三、安全防御配置

R1/R2接口认证配置

! R1配置
interface GigabitEthernet0/0/1
 rip authentication-mode hmac-sha256 cipher your_password
 rip version 2 multicast

! R2配置
interface GigabitEthernet0/0/0
 rip authentication-mode hmac-sha256 cipher your_password
 rip version 2 multicast

interface GigabitEthernet0/0/1
 rip authentication-mode hmac-sha256 cipher your_password
 rip version 2 multicast

防御效果验证

  1. 路由表恢复正确: 
    RIP  192.1.5.0/24 [120/2] via 192.1.3.253
  2. Wireshark抓包显示认证字段: 
    RIP Authentication:
  Type: HMAC-SHA256
  Key-ID: 100

实验结论

  1. RIP协议存在明文传输路由信息的安全缺陷
  2. 通过伪造metric值可实施路由欺骗
  3. 启用HMAC-SHA256认证能有效防御路由欺骗
  4. 建议生产网络使用OSPF等更安全的路由协议

网站公告

今日签到

点亮在社区的每一天
去签到

热门文章

最新发布