From 6cac8f98b19c1060e55ddb8f4711658aff6313ef Mon Sep 17 00:00:00 2001
From: HackTricks News Bot <bot@hacktricks.xyz>
Date: Thu, 12 Mar 2026 16:42:03 +0000
Subject: [PATCH] Add content from: Research Update Enhanced
 src/generic-methodologies-and-resou...

---
 .../pentesting-network/eigrp-attacks.md       | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
index bb64aa79696..435375e886a 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
@@ -58,6 +58,30 @@
   - `--as`: Defines the EIGRP AS number.
   - `--src`: Sets the attacker’s IP address.
 
+## **Protocol Notes for Crafting EIGRP Packets**
+
+- **Packet types**: HELLO (includes ACK), UPDATE, QUERY (includes SIA-Query), REPLY (includes SIA-Reply), REQUEST.
+- **Transport**: EIGRP is IP protocol **88**, typically multicast to **224.0.0.10** (IPv4) / **FF02::A** (IPv6).
+- **Authentication TLV**: RFC 7868 defines authentication types **0x02 (MD5)** and **0x03 (SHA2-256)**.
+
+```bash
+# Capture EIGRP over IPv4 (IP protocol 88)
+sudo tcpdump -ni eth0 ip proto 88
+
+# Capture EIGRP over IPv6 (IP protocol 88)
+sudo tcpdump -ni eth0 ip6 proto 88
+```
+
+## **Query-Flooding / SIA-Induced Neighbor Reset**
+
+- **Behavior**: If a router does not receive a **Reply** to a **Query** within ~3 minutes, it enters **Stuck-In-Active (SIA)** and clears the neighbor adjacency.
+- **Attack idea**: Force routers into the **active** state (for example, by advertising and withdrawing routes or poisoning key prefixes) and then **suppress/delay Replies**. This can drive repeated SIA events and adjacency resets, leading to sustained instability or DoS.
+
+## References
+
+- [RFC 7868 - Cisco's Enhanced Interior Gateway Routing Protocol (EIGRP)](https://datatracker.ietf.org/doc/html/rfc7868)
+- [Troubleshoot EIGRP Common Issues (SIA)](https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/118974-technote-eigrp-00.html)
+
 {{#include ../../banners/hacktricks-training.md}}