RIP Poisoning Routing Table Modification (Adjacent Network)

Medium Nessus Plugin ID 39587


Routing tables can be modified.


It was possible to poison the remote host routing tables through the RIP protocol.

An attacker may use this to hijack network connections.

Several RIP agents reject routes that are not sent by a neighbor, so this flaw may not be exploitable from a non-adjacent network.


Either disable the RIP listener if it is not used, use RIP-2 in conjunction with authentication, or use another routing protocol.

Plugin Details

Severity: Medium

ID: 39587

File Name: rip_poison_lan.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Misc.

Published: 2009/07/02

Modified: 2013/01/25

Dependencies: 11829

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Services/udp/rip