Alcatel-Lucent 6600 Switch User Manual


 
Configuring RDP RDP Overview
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-7
Security Concerns
ICMP RDP packets are not authenticated, which makes them vulnerable to the following attacks:
Passive monitoring—Attackers can use RDP to re-route traffic from vulnerable systems through the
attacker’s system. This allows the attacker to monitor or record one side of the conversation. However,
the attacker must reside on the same network as the victim for this scenario to work.
Man in the middle—Attacker modifies any of the outgoing traffic or plays man in the middle, acting
as a proxy between the router and the end host. In this case, the victim thinks that it is communicating
with an end host, not an attacker system. The end host thinks that is it communicating with a router
because the attacker system is passing information through to the host from the router. If the victim is a
secure web server that uses SSL, the attacker sitting in between the server and an end host could inter-
cept unencrypted traffic. As is the case with passive monitoring, the attacker must reside on the same
network as the victim for this scenario to work.
Denial of service (DoS)—Remote attackers can spoof these ICMP packets and remotely add bad
default-route entries into a victim’s routing table. This would cause the victim to forward frames to the
wrong address, thus making it impossible for the victim’s traffic to reach other networks. Because of
the large number of vulnerable systems and the fact that this attack will penetrate firewalls that do not
stop incoming ICMP packets, this DoS attack can become quite severe. (See Chapter 14, “Configuring
IP,” and Chapter 24, “Configuring QoS,” for more information about DoS attacks.)
Note. Security concerns associated with using RDP are generic to the feature as defined in RFC 1256 and
not specific to this implementation.