Eigrp-tools

Eigrp-tools is a custom EIGRP packet generator and sniffer combined. It was developed to
test the security and overall operation quality of the EIGRP routing protocol.
Using this tool requires background knowledge of EIGRP and its packet structure
and types, alongside a good working knowledge of the Layer 3 topology of the
network you wish to audit.

Installation

It is available from
here.
It requires various Perl modules to be installed before it can be used. These
can be obtained by searching CPAN.

Net::RawIP - A search comes up with Net-RawIP-0.2.tar.gz

    tar -zxvf Net-RawIP-0.2.tar.gz
    cd Net-RawIP-0.2
    perl Makefile.PL

Errors are reported in the file RawIP.xs. The problem is that the (u=char *)
variable has been declared on both sides, and the first such reference needs to
be removed. The error output on screen will mention the lvalue and assignment
being wrong. Record the line numbers in the output; these are the lines on which
you must remove the duplicate variables.

    vi RawIP.xs

At lines 762, 788, 821, 861, 895, 1287 and 1309 you should find the syntax
(u=char*). Delete the first entry of this as it is not required; the script
should now run.

    make
    make install

NetPacket::Ethernet - A search comes up with NetPacket-0.04.tar.gz

NetPacket::IP - A search comes up with the same package as above.

    tar -zxvf NetPacket-0.04.tar.gz
    cd NetPacket-0.04
    perl Makefile.PL
    make
    make install

Finally, unpack the tool itself:

    tar -zxvf eigrp-tools.tar.gz

Execution

    eigrp.pl [--sniff] [ --iface=interface ] [--timeout=i]

Options:

    --sniff             Sniff eigrp packets
    --iface             Listen on an interface
    --iflist            List all available network interfaces
    --source            Source IP address
    --dest              Packet destination IP. Default multicast IP - 224.0.0.10
    --timeout=n         pcap init timeout (500 default)
    --hello             Send EIGRP HELLO
    --update            Update route
    --query             Send [Query] (Unreachable destination)
    --external          External route
    --internal          Internal route
    --ipgoodbye=s       IP to [Goodbye message] Authentication replay not implemented
    --file2ip=s         Send raw sniffed eigrp data from file to IP
    --payback           Sniff the UPDATE packet, change [Delay] and send it back (PoC)
    --op=n              EIGRP opcode no. to trigger, capture a pkt defined by the trigger onto a disk
    --sn=n              EIGRP sequence number to trigger
    --auth              Authentication data for the replay attack (copy-paste hex from sniff)
    --opcode            Custom opcode for hello packets fuzzing
    --flags=n           EIGRP flags (0, 1 or 2)
    --version=n         EIGRP version [8 bit integer] Default = 2
    --as=n              Autonomous system number, Default = 1
    --k1=n              Metric K1 Default 1
    --k2=n              Metric K2 Default 0
    --k3=n              Metric K3 Default 1
    --k4=n              Metric K4 Default 0
    --k5=n              Metric K5 Default 0
    --mtu=n             MTU
    --nms=n             Add NMS (Next multicast message) to Hello packet
    --eigrpv=s          EIGRP release version
    --ios=s             IOS version
    --hopcount=n        Hop count
    --reliability=n     Reliability
    --load=n            Load
    --delay=n           Delay
    --sequence=n        Sequence (32bit sequence) Default = 0
    --ack=n             Acknowledge (32bit sequence) Default = 0
    --nexthop=s         Next Hop
    --bandwidth=n       Bandwidth
    --routedest=s       Route destination
    --origrouter=s      Originating router
    --origas=n          Originating Autonomous system number
    --arbitatag=n       Arbitrary tag
    --metric=n          protocol metric (external EIGRP metric for the external updates)
    --extproto=n        External protocol ID
                          IGRP(1)
                          EIGRP(2)
                          Static Route(3)
                          RIP(4)
                          HELLO(5)
                          OSPF(6)
                          IS_IS(7)
                          EGP(8)
                          BGP(9)
                          IDRP(10)
                          Connected link(11)
    --hold=n            Hold time in seconds
    --hellotime=n       Hello send retries timeout. Default = 5 sec
    --hellodos=s        IP subnet. Nasty DOS attack! Send HELLO EIGRP Argument from IP range.
    --retries=n         Packet send retries Default = 1

Examples:

    ./eigrp.pl --sniff --iface eth0
    ./eigrp.pl --ipgoodbye 192.168.66.202 --source 192.168.7.8
    ./eigrp.pl --file2ip update.dat --source 192.168.7.8
    ./eigrp.pl --update --external --as 65534 --source 192.168.7.8
    ./eigrp.pl --hello --auth 00020010000000020000000000000000000000000efe07403446c77a9697fe5753f79e52 --source 192.168.77.8 --nms 1
    ./eigrp.pl --help        This message
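
A receive-side check for the Hello fields these options set (--as, --k1 to --k5, --hold, --auth, --ipgoodbye), as an added example that is not part of eigrp-tools: it parses an EIGRP payload (IP protocol 88) and flags Hellos that disagree with the local configuration. The header and TLV layout follow RFC 7868; the function names, finding labels and the sample packet are constructed for illustration.

```python
import struct

# Fixed header per RFC 7868: version, opcode, checksum, flags, seq, ack, VRID, AS
HEADER = struct.Struct("!BBHIIIHH")
HELLO, TLV_PARAM, TLV_AUTH = 5, 0x0001, 0x0002

# Constructed sample: unauthenticated Hello, version 2, AS 65534, K=1,0,1,0,0, hold 15 s
# (checksum left at zero; this example does not validate it)
SAMPLE_HELLO = bytes.fromhex(
    "02050000" "00000000" "00000000" "00000000" "0000fffe"  # header
    "0001000c" "010001000000" "000f"                        # parameter TLV
)

def parse_eigrp(payload):
    """Split an EIGRP payload into header fields and a {type: value} TLV map."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated EIGRP header")
    version, opcode, _, flags, seq, ack, _, asn = HEADER.unpack_from(payload)
    tlvs, off = {}, HEADER.size
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, off)
        if tlv_len < 4 or off + tlv_len > len(payload):  # length covers type+length
            raise ValueError("bad TLV length")
        tlvs[tlv_type] = payload[off + 4:off + tlv_len]
        off += tlv_len
    return {"version": version, "opcode": opcode, "flags": flags,
            "seq": seq, "ack": ack, "as": asn, "tlvs": tlvs}

def audit_hello(src, payload, local_as, local_k, neighbors, require_auth=True):
    """Return findings for one received Hello, checked against local config."""
    pkt = parse_eigrp(payload)
    if pkt["opcode"] != HELLO:
        return []
    findings = []
    if src not in neighbors:                      # Hello from an unexpected source
        findings.append("unknown-neighbor")
    if pkt["as"] != local_as:
        findings.append("as-mismatch")
    if require_auth and TLV_AUTH not in pkt["tlvs"]:
        findings.append("no-auth-tlv")
    k = tuple(pkt["tlvs"].get(TLV_PARAM, b"")[:5])
    if k == (255,) * 5:                           # all K-values 255 signals a Goodbye
        findings.append("goodbye")
    elif len(k) == 5 and k != tuple(local_k):
        findings.append("k-mismatch")
    return findings
```

Feeding it payloads captured on the audited segment shows which generated packets a correctly configured neighbor would reject outright and which ones only authentication would stop.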