Honeypot router for routing protocols protection

Routing protocols are essential for interconnecting networks; however they may enclose several vulnerabilities that can be exploited by malicious attackers. For example, an attacker may send forged packets to a router with the intention of changing or corrupting the routing table, which in turn can reduce the network connectivity and degrade the router functionalities. To prevent and detect such attacks, several security techniques are available like firewall, authentication mechanisms and intrusion detection system (IDS). Nevertheless these security methods encounter some problems, especially when dealing with new attacks. Relying on additional security principles seems to be important to well protect network connectivity offered by routers. In this paper, we propose using honeypot to protect routing protocols. Honeypot is particularly useful to attract attackers, driving them away real routers and allowing the administrators to be aware about intrusion attempts on their networks and the employed techniques that can be recent. Our solution (honeypot router) is to deploy a honeypot playing the role of a router. The honeypot is based on routing software called Quagga and other tools for traffic capture and analysis. The entire solution supervises all routing traffic, so it detects and studies new attacks against routing protocols (RIP, OSPF and BGP).