Routing Table Poisoning Prevention
-
Dear all,
How to prevent routing table poisoning in pfSense? Or prevent the routing protocol from sniffing the routing table and redirecting the traffic. Any method/packages/protocol to prevent it?
-
@peter_apiit And what routing protocol are you running - and exchanging routes with who over what you would have to be worried about that exactly?
So you're running some sort of complex setup where you're exchanging routes that change all the time with other pfSense instances? You're using the FRR packages running BGP or OSPF?
I didn't seem to get that from any other posts.. You're the guy whose ISP is hacking him because your TV ended up on the Google Play store, and your screen saver didn't turn off your monitor.. And some webpage refreshed all on its own?
Now you're worried someone is hacking your routing table??
-
@johnpoz said in Routing Table Poisoning Prevention:
@peter_apiit And what routing protocol are you running - and exchanging routes with who over what you would have to be worried about that exactly?
So you're running some sort of complex setup where you're exchanging routes that change all the time with other pfSense instances? You're using the FRR packages running BGP or OSPF?
I didn't seem to get that from any other posts.. You're the guy whose ISP is hacking him because your TV ended up on the Google Play store, and your screen saver didn't turn off your monitor.. And some webpage refreshed all on its own?
Now you're worried someone is hacking your routing table??
Sorry if this is a silly question. I didn't use any routing protocol in my network setup but route with ISP. Hence, I am worried that my route is getting attacked by them. Therefore, I want to prevent it. I would like to seek advice from network expert guys like you. Please help. Appreciate it. Thanks.
-
I don't think network experts will be able to help you with your troubles.
-
@peter_apiit said in Routing Table Poisoning Prevention:
my route is getting attacked by them
You mean the only route you have - which is to them.. How exactly are they attacking this route that points to them, i.e. you have the 1 gateway.. To them, they route all your traffic.. So how/why would they be attacking this?
-
@johnpoz I don't have experience in networking. That's why I'm asking in the forum. Seeking expert advice.
-
@peter_apiit I am curious where you're getting such ideas from to be honest..
Are you binging Mr. Robot or something.
More than happy to answer questions - but your notions of your ISP hacking you in all sorts of crazy ways seem a bit over the top..
I could see concerns if say you saw a session from one of your machines between some IP out on the internet that you did not know what it was or why. Being curious or worried about it could be justified.
But your examples of your concerns - and pointing to your ISP as the one doing it seem unwarranted to put it mildly.. Your smart TV ending up on a screen, your monitor not going to sleep. Browser pages refreshing.. All of which have way more likely/probable causes than ISP or anybody or anything hacking you ;)
Hacking your routing tables -- When you're not even running any routing protocols.
Your posting of your netstat connections - showed zero connections to anything.
pfSense out of the box would prevent any unsolicited inbound traffic from the ISP or the internet to any of your devices behind pfSense. Unless you specifically opened up traffic with a port forward or allowed (enabled) UPnP, the only traffic that would be allowed is traffic that you initiated from a device behind pfSense.
If you want to isolate devices on your network from other devices on your network, this is quite simple to do, by creating other networks or VLANs and firewalling between them to only allow the specific traffic that you want to allow. All of my IoT devices are isolated from my other local networks for example.
pfSense would allow you to monitor (log) and/or even just view the state table for traffic from any of your devices to the internet or between networks pfSense routes between, just for your own curiosity or concerns.
If you are concerned with devices on the same network talking to each other, you need to look to switching or wireless infrastructure that allows for that. In switching it's normally called private VLAN. In wireless it's called AP isolation or Client Isolation, etc.
But so far all of your concerns of "hacking" seem to be completely unwarranted.. That is my professional "expert" opinion with 30 some years of working in networking and infosec..