This topic discusses security considerations for using
the Route Daemon (RouteD) server. RouteD, provides support for the Routing
Information Protocol on the system.
The Route Daemon (RouteD) server provides support for the Routing Information
Protocol (RIP) on IBM® Systems. RIP is the most widely used of routing protocols.
It is an Interior Gateway Protocol that assists TCP/IP in the routing of IP
packets within an autonomous system.
RouteD is intended to increase the efficiency of network traffic by allowing
systems within a trusted network to update each other with current route information.
When you run RouteD, your system can receive updates from other participating
systems about how transmissions (packets) should be routed. Therefore, if
your RouteD server is accessible to a hacker, the hacker might use it to reroute
your packets through a system that can sniff or modify those packets. Following
are suggestions for RouteD security:
- IBM Systems
use RIPv1, which does not provide any method for authenticating routers. It
is intended for use within a trusted network. If your system is in a network
with other systems that you do not "trust," you should not run the RouteD
server. To ensure that the RouteD server does not start automatically, type
the following: CHGRTDA AUTOSTART(*NO)
- Make sure that you control who can change the RouteD configuration, which
requires *IOSYSCFG special authority.
- If your system participates in more than one network (for example, an
intranet and the Internet), you can configure the RouteD server to send and
accept updates only with the secure network.