
Configure EIGRP log-adjacency-changes

Details

Logging changes to the EIGRP peering relationships is recommended. This setting is enabled by default.

Rationale:

Any logged change in a routing peer relationship will, in the best case, indicate a service issue caused by ordinary operational problems (connectivity faults and so on) or, in the worst case, could indicate malicious activity attempting to subvert the peering relationship and/or the routing table.

Impact:

Errors on adjacency relationships are a common early warning sign of attacks on routers. If successful, a malicious actor can advertise bogus routes for valid hosts or networks, allowing the interception and modification of traffic intended for those hosts or subnets.

For this reason it is important that EIGRP endpoints alert on any interruptions in adjacency.

Solution

By default, EIGRP adjacency changes are logged, and because this is the default the setting does not appear in the running configuration.
If it has been disabled, it can be re-enabled as shown below.

switch(config)# router eigrp
switch(config-router)# log-adjacency-changes
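As an added example (not part of the benchmark text), the following Python audit applies the rule above to saved "show running-config eigrp" output: because logging is enabled by default and therefore absent from the configuration, the only non-compliant signal is an explicit "no log-adjacency-changes" line inside a "router eigrp" stanza. The sample configuration, its instance tags CORE and EDGE, and the assumption that NX-OS stanzas are written as "router eigrp <instance-tag>" with indented contents are constructed for this example.

```python
import re

# Constructed sample "show running-config eigrp" output (not from a real device):
# CORE relies on the silent default, EDGE has logging explicitly disabled.
SAMPLE_RUNNING_CONFIG = """\
feature eigrp

router eigrp CORE
  router-id 10.0.0.1
  address-family ipv4 unicast
    autonomous-system 100

router eigrp EDGE
  no log-adjacency-changes
  router-id 10.0.0.2
"""

# Instance tag is optional so a bare "router eigrp" line is still recognised.
STANZA = re.compile(r"^router eigrp(?:\s+(\S+))?\s*$")


def eigrp_instances(config_text):
    """Yield (instance_tag, stanza_lines) per 'router eigrp' block; NX-OS
    indents stanza contents, so a non-indented line closes the block."""
    tag, body = None, []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = STANZA.match(line)
        if m:                      # new stanza: flush the previous one
            if tag is not None:
                yield tag, body
            tag, body = m.group(1) or "(untagged)", []
        elif line.startswith(" "):
            if tag is not None:
                body.append(line.strip())
        else:                      # other top-level command ends the stanza
            if tag is not None:
                yield tag, body
            tag, body = None, []
    if tag is not None:
        yield tag, body


def audit_log_adjacency_changes(config_text):
    """Return {instance_tag: compliant}. Logging is on by default and then
    absent from the config, so only the explicit 'no' form is a finding."""
    return {tag: "no log-adjacency-changes" not in body
            for tag, body in eigrp_instances(config_text)}
```

Any instance reported as non-compliant is fixed by entering its "router eigrp" stanza and issuing "log-adjacency-changes", exactly as shown above.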

Default Value:

By default, logging of EIGRP adjacency changes is enabled.

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Security Assessment and Authorization. This control applies to the following type of system: Cisco.

Updated on July 16, 2022