Risk Analysis for VRRP
The VRRP risk analysis is almost identical to that for HSRP. The attacker can send forged
VRRP packets to run a DoS or MITM attack. Clear-text authentication does not help
because it is easily sniffed. In Example 10-1, the tcpdump sniffer detected the
authentication data SeCrET.
Using tcpdump to Get the VRRP SeCrET
13:34:02 0:0:5e:0:1:1 1:0:5e:0:0:12 ip 60: 192.168.0.7 > 224.0.0.18: VRRPv2-
advertisement 20: vrid=1 prio=100 authtype=simple intvl=1 addrs: 192.168.0.8 auth
"SeCrET" [tos 0xc0] (ttl 255, id 0, len 40)
0x0000 45c0 0028 0000 0000 ff70 19e4 c0a8 0007 E..(.....p......
0x0010 e000 0012 2101 6401 0101 dd1f c0a8 0007 ....!.d.........
0x0020 5365 4372 4554 0000 0000 0000 0000 SeCrET........
When using clear-text authentication, an attacker can exploit this information leak to
mount an attack. After the attacker collects the authentication data, he can forge any VRRP
packets and force and win an election by claiming to have a priority of 255. This could
lead to the following attacks:
• MITM: The attacker appears to be the master. All end stations send their packets
to the attacker rather than to the real router. The attacker can sniff or modify the
packets before forwarding them to the real router.
• DoS: Similar to the MITM attack except that the attacker drops all packets. There will
be no further communication from the end stations to the real router.
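For monitoring, the same capture can be decoded and checked automatically. The following is an added example, not part of the original text: it parses the packet bytes from Example 10-1 and flags advertisements that carry no cryptographic authentication or that claim priority 255 from a source outside an allowlist. The function names and the known_routers allowlist are assumptions made for illustration.

```python
import ipaddress
import struct

# IP packet copied from the hex dump in Example 10-1 (trailing Ethernet padding included).
SAMPLE = bytes.fromhex(
    "45c0002800000000ff7019e4c0a80007"
    "e0000012210164010101dd1fc0a80007"
    "5365437245540000000000000000"
)
AUTH_TYPES = {0: "none", 1: "simple", 2: "ip-auth-header"}  # VRRPv2 values, RFC 2338


def parse_vrrpv2(packet):
    """Decode an IPv4 packet carrying a VRRPv2 advertisement into a dict."""
    ihl = (packet[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", packet[2:4])
    if packet[9] != 112:
        raise ValueError("not VRRP (IP protocol 112)")
    body = packet[ihl:total_len]  # the IP total length drops link-layer padding
    ver_type, vrid, prio, count, authtype, intvl, _cksum = struct.unpack("!BBBBBBH", body[:8])
    if ver_type != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    addrs_end = 8 + 4 * count
    if len(body) < addrs_end + 8:
        raise ValueError("truncated advertisement")
    return {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "ttl": packet[8], "vrid": vrid, "prio": prio, "intvl": intvl,
        "authtype": AUTH_TYPES.get(authtype, "unknown"),
        "addrs": [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(8, addrs_end, 4)],
        "auth": body[addrs_end:addrs_end + 8].rstrip(b"\x00"),  # readable on the wire
    }


def audit(adv, known_routers):
    """Return findings for one advertisement; known_routers is an assumed allowlist."""
    findings = []
    if adv["ttl"] != 255:
        findings.append("ttl-not-255")  # receivers must discard these
    if adv["authtype"] in ("none", "simple"):
        findings.append("no-cryptographic-auth")
    if adv["src"] not in known_routers:
        findings.append("unknown-source")
        if adv["prio"] == 255:
            findings.append("priority-255-from-unknown-source")
    return findings
```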