Skip to content

EIGRP Attacks โ€‹

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

This is a summary of the attacks exposed in https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9. Check it for further information.

Fake EIGRP Neighbors Attack โ€‹

  • Objective: To overload router CPUs by flooding them with EIGRP hello packets, potentially leading to a Denial of Service (DoS) attack.
  • Tool: helloflooding.py script.
  • Execution: %%%bash ~$ sudo python3 helloflooding.py --interface eth0 --as 1 --subnet 10.10.100.0/24 %%%
  • Parameters:
    • --interface: Specifies the network interface, e.g., eth0.
    • --as: Defines the EIGRP autonomous system number, e.g., 1.
    • --subnet: Sets the subnet location, e.g., 10.10.100.0/24.

EIGRP Blackhole Attack โ€‹

  • Objective: To disrupt network traffic flow by injecting a false route, leading to a blackhole where the traffic is directed to a non-existent destination.
  • Tool: routeinject.py script.
  • Execution: %%%bash ~$ sudo python3 routeinject.py --interface eth0 --as 1 --src 10.10.100.50 --dst 172.16.100.140 --prefix 32 %%%
  • Parameters:
    • --interface: Specifies the attackerโ€™s system interface.
    • --as: Defines the EIGRP AS number.
    • --src: Sets the attackerโ€™s IP address.
    • --dst: Sets the target subnet IP.
    • --prefix: Defines the mask of the target subnet IP.

Abusing K-Values Attack โ€‹

  • Objective: To create continuous disruptions and reconnections within the EIGRP domain by injecting altered K-values, effectively resulting in a DoS attack.
  • Tool: relationshipnightmare.py script.
  • Execution: %%%bash ~$ sudo python3 relationshipnightmare.py --interface eth0 --as 1 --src 10.10.100.100 %%%
  • Parameters:
    • --interface: Specifies the network interface.
    • --as: Defines the EIGRP AS number.
    • --src: Sets the IP Address of a legitimate router.

Routing Table Overflow Attack โ€‹

  • Objective: To strain the router's CPU and RAM by flooding the routing table with numerous false routes.
  • Tool: routingtableoverflow.py script.
  • Execution: %%%bash sudo python3 routingtableoverflow.py --interface eth0 --as 1 --src 10.10.100.50 %%%
  • Parameters:
    • --interface: Specifies the network interface.
    • --as: Defines the EIGRP AS number.
    • --src: Sets the attackerโ€™s IP address.
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: