Sharad Ahlawat wrote: > an excerpt form RFC 2281 - Cisco HSRP > > 7. Security Considerations [SNIP] > It is difficult to subvert the protocol from outside the > LAN as most routers will not forward packets addressed to the > all-routers multicast address (224.0.0.2). This does not prevent remote attacks because Cisco devices do not validate the destination address of a HSRP packet. Unicast packets are accepted, which can be tested using the hrsp tool at http://www.phenoelit.de/irpas/ Regards /F
