OSPF Security project:

Summary

BY MICHAEL SUDKOVITCH
AND DAVID ROITMAN
UNDER THE GUIDANCE OF DR. GABI NAKIBLY
Project goals

• Find OSPF vulnerabilities.
• Investigate new means of disrupting traffic in networks running OSPF.
• Implement our attacks and measure their effectiveness.

Project milestones

• Detailed study of RFC 2328 (OSPFv2).
• Research on known attacks implemented so far.
• Learning to work with the OMNeT++ environment and constructing sample networks using it.
• Invention of new attacks on OSPF.
• Implementation of the attacks using OMNeT++.
• Collecting and analyzing the attacks' results.

Introduction to OSPF

• OSPF: Open Shortest Path First (RFC 2328).
• OSPF is a routing protocol designed to work on Autonomous Systems (AS).
• Provides shortest path routes to any destination in the AS.

How does it work?

• Routers discover one another using Hello messages.
• They use LSA messages to exchange routing information between themselves.
• Using LSAs, each OSPF router creates a graph representing the structure of the AS.
• All the OSPF routers in the network eventually converge to the same graph.
• From that graph the OSPF router builds a shortest path tree with itself as root using the Dijkstra algorithm.

Assumptions

• Our only assumption is that we have full control over a single OSPF router. From there, we have to cause maximum damage to the AS.
• Therefore, overcoming OSPF Authentication Protection is trivial, since the authentication key is known to us.

Proposed Attacks Introduction

• We discovered and implemented three different attacks on the OSPF algorithm.
• Our attacks exploit the Hello algorithm and a special kind of LSA message, called a Network LSA.
• Network LSAs are sent by a DR (Designated Router), which is elected from among the routers adjacent to a network according to the pre-set priority of each router.

Proposed Attacks Introduction - cont.

• There are two main types of networks, transit and stub.
• Transit networks allow foreign packets to travel through them. Stubs do not.
• We exploit weaknesses in the Designated Router election process in order to eliminate the Network LSAs being sent for that network.
• Once a transit network is deprived of its Network LSAs, it becomes a stub.
• All routes that used to pass through it no longer can.

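
Added example (not part of the original slides): a defender-side consistency check over an OSPF link-state database snapshot that flags transit networks whose Network LSA has disappeared, the condition all three attacks aim for. The LSDB dictionaries, addresses and function names are constructed for illustration; only the Router-LSA link type 2 and the Network-LSA Link State ID (the DR's interface address) are taken from RFC 2328.

```python
# Added example: constructed LSDB snapshots, hypothetical names throughout.
from ipaddress import ip_interface

TRANSIT = 2  # Router-LSA link type 2 = transit network (RFC 2328)

def advertised_networks(lsdb):
    """Prefixes that currently have a Network LSA (Link State ID = DR address)."""
    return {str(ip_interface(f"{l['ls_id']}/{l['mask']}").network)
            for l in lsdb["network_lsas"]}

def silenced_networks(baseline, current):
    """Networks that had a Network LSA in the baseline but have none now."""
    return sorted(advertised_networks(baseline) - advertised_networks(current))

def dangling_transit_links(lsdb):
    """Router-LSA transit links whose DR (link_id) originates no Network LSA."""
    drs = {l["ls_id"] for l in lsdb["network_lsas"]}
    return sorted((r["router_id"], link["link_id"])
                  for r in lsdb["router_lsas"]
                  for link in r["links"]
                  if link["type"] == TRANSIT and link["link_id"] not in drs)

def rlsa(router_id, *dr_addrs):
    """Constructed Router LSA with one transit link per DR address."""
    return {"router_id": router_id,
            "links": [{"type": TRANSIT, "link_id": a} for a in dr_addrs]}

MASK = "255.255.255.0"
# Constructed baseline: two transit networks, each with a Network LSA.
BASELINE = {
    "network_lsas": [{"ls_id": "10.0.1.1", "mask": MASK},
                     {"ls_id": "10.0.2.1", "mask": MASK}],
    "router_lsas": [rlsa("1.1.1.1", "10.0.1.1"),
                    rlsa("2.2.2.2", "10.0.1.1", "10.0.2.1")],
}
# Constructed snapshot after a DR change on 10.0.1.0/24: routers point at the
# new DR (10.0.1.3), but nobody originates a Network LSA for that network.
CURRENT = {
    "network_lsas": [{"ls_id": "10.0.2.1", "mask": MASK}],
    "router_lsas": [rlsa("1.1.1.1", "10.0.1.3"),
                    rlsa("2.2.2.2", "10.0.1.3", "10.0.2.1")],
}

if __name__ == "__main__":
    print("lost Network LSA:", silenced_networks(BASELINE, CURRENT))
    print("dangling transit links:", dangling_transit_links(CURRENT))
```

The baseline comparison catches the case where routers have already fallen back to advertising the network as a stub; the dangling-link check catches the case where Router LSAs still name a DR that originates nothing.
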
Our example AS
Attack 1

• Can be launched on the compromised router only.
• The compromised router falsifies its priority to be the highest possible.
• It is then elected to be the DR for its network.
• It then stops sending Network LSAs.
• Once no Network LSAs are sent for a specific network, it becomes a stub network; new routes must be set; connectivity may be broken.

• Pros: Easy implementation.
• Cons: The compromised router may be easily spotted.

Attack 2

• Can be launched upon routers adjacent to the attacker.
• The compromised router A sends Hello messages, impersonating a neighboring router B.
• Router A also advertises a false high priority for B.
• Hence, B is elected to become a DR without knowing it.
• B will not send Network LSAs because it is not aware of itself being a DR.

• Pros: The actual attacker is hidden! The attacker is also able to choose which router to attack.
• Cons: Somewhat more difficult to implement.

Attack 2 statistics
Attack 3

• The compromised router can target any network in the AS.
• The compromised router sends a malicious Hello message with high priority to the designated router of some network.
• That designated router then thinks that the attacking router will now be the new DR. Hence, it stops sending Network LSAs and relinquishes DR control.
• The attacking router doesn't send them either.
• The network becomes a stub.

Attack 3 statistics
Example - Before the attack

H3 to H2 cost is 6
H1 to H2 cost is 3
H4 to H2 cost is 7
Example - After an attack on N1

H3 to H2 cost was 6, now 8
H1 to H2 cost was 3, now 9
H4 to H2 cost was 7, now 11
Comparing the two attacks
Conclusions: Choosing an attack

• Which attack should we choose?
    • Attack 2 is always preferable to attack 1.
    • Attacks 2 and 3 have different effects.
    • It is possible to combine the attacks.

• Which network should we choose to attack?
    • Some networks are more vulnerable to attack than others.
    • Especially networks that create a partition.
    • Attack 3 can reach more distant networks.