Router is a device that operates in layer 3 of OSI model which main function is path selection and packet forwarding. Routers can be core network equipment in any organization so the security of router is major concern. However there are different types of router attacks that network professionals must be aware of.
Types of Router Attacks
Denial of Service attacks: – The DoS attack is done by the attacker who has the motive of flooding request to the router or other devices affecting the availability. Sending more number of ICMP packets from multiple sources makes the router unable to process traffic. If the router is unable to process traffic it is unable to provide services in the network and the whole network goes down affecting daily activity of organization.
Packet Mistreating Attacks: – In this type of attack after the router is injected with malicious codes the router simply mistreats the packets. Router cannot handle its own routing process and starts mishandling the packet. The malicious router is unable to process the packets properly and creates loops, denial-of-service, and congestion and so on in the network. This type of attack is very difficult to find and debug.
Routing table poisoning: – Routers use routing table to send packets in the network. The router moves the packets by looking into the routing table. The routing table is formed by exchanging routing information between routers. Routing table poisoning means the unwanted or malicious change in routing table of the router. This is done by editing the routing information update packets which are advertised by routers. This attack can cause severe damage in the network by entering wrong routing table entries in the routing table.
Hit-and-Run Attacks: – This attack is also called test attack where the attacker injects malicious packets into the router and sees if the network is online and functioning or not. If yes, the attacker sends further more malicious packets to harm the router. This attack can cause router to do unusual activities that depends upon the code injected by the attacker. This type of attack is hard to identify and can cause severe damage to the router’s work.
Persistent Attacks: – Unlike hit and run attack in this attack the attacker repeatedly injects malicious packets into the router causing the router to exploit vulnerabilities. This attack is very severe in nature and can cause heavy damage. The router can stop functioning from continuous malicious packet injection. This type of attack is easier to detect compared to other router attack.
To prevent these types of attack on the router an administrator should implement different security option in the network. Monitoring user activity and use of encryption wherever possible is must. Firewall should be installed to filter the inbound and outbound traffic. Similarly, different access control must be configured for different level of users. Router’s log should not be left default in the router but copied regularly on other location of the network.