IRDP (ICMP Router Discovery Protocol) enabled
Description
ICMP Router Discovery Protocol (IRDP) is enabled on this host. IRDP is an extension to the ICMP protocol that allows hosts to discover routers on their networks by listening for "router advertisement" broadcasts on their networks. Receipt of router advertisement messages by a host may result in changes to the host's routing table. Since IRDP does not provide for the authenticity of router advertisement messages, hosts running IRDP can be spoofed into changing their routes.
An attacker could send spoofed IRDP router advertisement messages to the host, causing it to change its default route to whatever the attacker chooses. This could result either a complete denial-of-service (i.e. changing the default gateway to something invalid) or susceptibility to passive sniffing and/or man-in-the-middle attacks (i.e. changing the gateway to a router under the attacker's control).
Solution(s)
- generic-icmp-irdp-block-disable-ios
- generic-icmp-irdp-block-disable-vista_2k8
- generic-icmp-irdp-block-disable-nt-w2k-xp
- generic-icmp-irdp-block-disable-openbsd
- generic-icmp-irdp-block-disable-solaris
- generic-icmp-irdp-block-disable-w9x-me
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center