BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2025//talk//UATTRT
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2025-UATTRT@cfp.pass-the-salt.org
DTSTART;TZID=CET:20250702T154000
DTEND;TZID=CET:20250702T160000
DESCRIPTION:VRRP (Virtual Router Redundancy Protocol) is an open-standard p
 rotocol designed to ensure high availability of routers. Proven and widely
  adopted\, it is used in many network infrastructures. However\, the secur
 ity aspects of VRRP are rarely discussed in depth in available online reso
 urces. For instance\, VRRPv2\, which remains widely used today\, offers tw
 o authentication modes\, one of which is easily bypassed. In contrast\, VR
 RPv3 has completely removed authentication\, as the protocol's authors con
 sidered that security should be handled at a different layer. In this pres
 entation\, I will focus on the IP tie-breaking dilemma that arises during 
 VRRP priority conflicts\, particularly when the legitimate master router i
 s configured with the highest priority value of 255. To illustrate this is
 sue\, I will rely on Keepalived\, a widely used open-source implementation
  of VRRP. I will also highlight a design flaw I co-discovered in the VRRP 
 protocol (RFC 9568)\, in collaboration with the Keepalived project maintai
 ners. This vulnerability\, documented in erratum 8298 and validated by the
  IETF\, allows an attacker on the same network to impersonate the master r
 outer during a priority conflict\, revealing a weakness in the protocol’
 s design.
DTSTAMP:20260512T161323Z
LOCATION:Amphitheater 122
SUMMARY:When Priority Isn’t Enough: Exploiting the VRRP Tie-Breaking IP M
 echanism - Geoffrey Sauvageot-Berland
URL:https://cfp.pass-the-salt.org/pts2025/talk/UATTRT/
END:VEVENT
END:VCALENDAR