We Depend On IT Competence & Reliability

If you are not in the IT field and would not understand all the details of a potential hack attack, here are some headlines in the news today that may not create a full picture:

http://www.darkreading.com/perimeter/ddos-attackers-exploiting-80s-era-routing-protocol/d/d-id/1321138?

This means that the old RIPv1 (Routing Information Protocol version 1) has abilities that can be exploited. If you have an old router, or if your current router is not set up correctly, it can be exploited.

 

Routers are the backbone of the Internet; they are needed for our network connectivity. Once the Internet connection works, the router is transparent to all Internet connectivity. Unless somebody is actively reviewing all aspects of your IT functions, it can be easily overlooked.


 

Reading this headline made me think about many configurations which may be simple for some of us in IT to decipher, but can have devastating consequences with hackers knocking at your doors.

This is where what we consider a SPOE – Second Pair of Eyes makes sense. Have another person with a fresh look review the information and test your equipment.

In the article, Akamai found 53000 routers with RIPv1 enabled. Do you wonder how these researchers know exactly how many devices have a certain vulnerability? It is because they scan a certain section of the Internet to find out, much like how hackers find new victims:

http://oversitesentry.com/tonyz/pubhtml/fixvirus/svapec/  (Scan – Vulnerability – Analysis – Penetrate – Exploit & Control)

I.e., Akamai scanned a certain part of the Internet and found 53k routers with the problem.

If you go to https://isc.sans.edu/port.html?port=520 (port 520 is the port used by the RIP protocol), you will find how much scan activity SANS has found last month.


Here are the types of routers found to have the vulnerability in the USA:

Netopia 3000, usually used on AT&T networks (according to the article)


 

Here is an interesting quote from the article:

The good news is that RIPv1 is not enabled by default on enterprise-grade routers. So why is it left open on some SOHO routers? “Could be an ISP enabling it for some reason or another, but it shouldn’t be” available, he says. It also may be useful in a very small business network, he says, but that comes with this risk of abuse by malicious actors.

 

SOHO means Single Office Home Office, which means the technical expertise may not be available or is not what it should be.

 

Our motto is to test, test, test, so do that: have another person double-check your IT resources. It is a good practice and also sets a standard of review with checks and balances. This is important in our ever-changing and more complex environments.
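As an added example (not from the original post or the article it cites), this Python script goes through UDP packets already captured on your own network and lists the devices that answer with RIPv1 from port 520. The packet layout follows the RIPv1 format in RFC 1058; the function names and the sample capture are constructed for illustration.

```python
import ipaddress
import struct

RIP_PORT = 520                     # UDP port used by RIP
HEADER = struct.Struct("!BBH")     # command, version, must-be-zero
ENTRY = struct.Struct("!HHIQI")    # family, zero, IPv4 address, 8 zero bytes, metric
RESPONSE = 2                       # RIP command code for a response


def parse_rip(payload):
    """Return (command, version, routes), or None if payload is not RIP-shaped."""
    body = len(payload) - HEADER.size
    if body < 0 or body % ENTRY.size:
        return None
    command, version, _ = HEADER.unpack_from(payload)
    if command not in (1, 2) or version not in (1, 2):
        return None
    routes = []
    for offset in range(HEADER.size, len(payload), ENTRY.size):
        _family, _, addr, _, metric = ENTRY.unpack_from(payload, offset)
        routes.append((str(ipaddress.IPv4Address(addr)), metric))
    return command, version, routes


def ripv1_speakers(packets):
    """Map each source IP that sent a RIPv1 response to the routes it advertised."""
    found = {}
    for src_ip, src_port, payload in packets:
        parsed = parse_rip(payload) if src_port == RIP_PORT else None
        if parsed and parsed[0] == RESPONSE and parsed[1] == 1:
            found.setdefault(src_ip, []).extend(parsed[2])
    return found


def sample_response(version, routes):
    """Build a constructed RIP response payload for the demo capture below."""
    entries = b"".join(
        ENTRY.pack(2, 0, int(ipaddress.IPv4Address(a)), 0, m) for a, m in routes)
    return HEADER.pack(RESPONSE, version, 0) + entries


# Constructed capture: (source IP, source UDP port, payload). Addresses are made up.
CAPTURE = [
    ("192.0.2.1", 520, sample_response(1, [("10.0.0.0", 1), ("10.0.1.0", 2)])),
    ("192.0.2.9", 520, sample_response(2, [("10.9.0.0", 1)])),   # RIPv2, not flagged
    ("192.0.2.7", 53, b"\x02\x01\x00\x00"),                      # wrong port
    ("192.0.2.8", 520, b"not a rip packet"),                     # malformed
]

if __name__ == "__main__":
    for ip, routes in ripv1_speakers(CAPTURE).items():
        print(f"{ip} answers with RIPv1: {len(routes)} route(s) {routes}")
```

Any device this reports is one to hand to your second pair of eyes: RIPv1 should be switched off on it unless there is a documented reason to keep it.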

 
