BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

Project goals Find OSPF vulnerabilities. Investigate new means of disrupting traffic in networks running OSPF. Implement our attacks and measure their effectiveness.

Project milestones Detailed study of RFC 2328 (OSPFv2). Research on known attacks implemented so far. Learning to work with the OMNeT++ environment and constructing sample networks in it. Invention of new attacks on OSPF. Implementation of the attacks in OMNeT++. Collecting and analyzing the attacks’ results.

Introduction to OSPF OSPF: Open Shortest Path First (RFC 2328). OSPF is a routing protocol designed to work within an Autonomous System (AS). It provides shortest path routes to any destination in the AS.

How does it work? Routers discover one another using Hello messages. They exchange routing information between themselves using LSA (Link State Advertisement) messages. From the LSAs, each OSPF router builds a graph representing the structure of the AS. All the OSPF routers in the network eventually converge to the same graph. From that graph each OSPF router builds a shortest path tree with itself as root using the Dijkstra algorithm.

Assumptions Our only assumption is that we have full control over a single OSPF router. From there, we have to cause maximum damage to the AS. Therefore, overcoming OSPF authentication protection is trivial, since the authentication key is known to us.

Proposed Attacks Introduction We discovered and implemented three different attacks on the OSPF algorithm. Our attacks exploit the Hello protocol and a special kind of LSA message, the Network LSA. Network LSAs are sent by the DR (Designated Router), which is elected among the routers attached to a network according to a pre-set priority of each router.

Proposed Attacks Introduction - cont. There are two main types of networks, transit and stub. Transit networks allow foreign packets to travel through them; stubs do not. We exploit weaknesses in the Designated Router election process in order to eliminate the Network LSAs sent for that network. Once a transit network is deprived of its Network LSAs, it becomes a stub. All routes that used to pass through it now cannot.

Our example AS

Attack 1 Can be launched on the compromised router only. The compromised router falsifies its priority to be the highest possible. It is then elected DR for its network, and then stops sending Network LSAs. Once no Network LSAs are sent for a specific network, it becomes a stub network; new routes must be computed; connectivity may be broken. Pros: Easy implementation. Cons: The compromised router may be easily spotted.
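To make the mechanism behind these attacks concrete, here is an added example that is not the project's OMNeT++ code. It models the DR election of RFC 2328 section 9.4 reduced to "highest priority, then highest Router ID", and runs an SPF calculation over a constructed four-router topology with and without the Network-LSA for its broadcast network, so the reader can see how the missing Network-LSA removes the transit network from every router's graph and raises path costs. All Router IDs, costs and the network name N1 are constructed; the RFC's preference for an incumbent DR (non-preemption) and the bidirectionality check of section 16.1 are deliberately left out.

```python
"""Simplified model of the mechanism the attacks rely on: the OSPF DR
election (RFC 2328 section 9.4, reduced to "highest priority, then highest
Router ID") and the SPF consequence of a transit network whose Network-LSA
is missing. Added example, not the project's OMNeT++ code; the topology,
Router IDs and costs below are constructed."""
import heapq

INF = float("inf")


def rid_key(rid):
    """Router IDs are compared numerically as 32-bit values, not as strings."""
    a, b, c, d = (int(x) for x in rid.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def elect_dr(priorities):
    """priorities: {router_id: advertised Hello priority} for one segment.
    Priority 0 routers are ineligible; highest priority wins, ties go to the
    highest Router ID. Simplification: the RFC's preference for an incumbent
    DR (non-preemption) and the BDR step are not modelled."""
    eligible = [(p, rid_key(r), r) for r, p in priorities.items() if p > 0]
    return max(eligible)[2] if eligible else None


def build_graph(router_lsas, network_lsas):
    """router_lsas: {rid: [(link_type, link_id, cost)]}, link_type is
    "transit" (link_id = network name) or "p2p" (link_id = neighbour rid).
    network_lsas: {network: [attached rids]} as advertised by that network's DR.
    As in RFC 2328 section 16.1, a transit link whose Network-LSA is absent is
    skipped, so the SPF graph simply has no vertex for that network.
    Simplification: the bidirectionality check is omitted."""
    g = {}
    for rid, links in router_lsas.items():
        g.setdefault(rid, {})
        for ltype, lid, cost in links:
            if ltype == "p2p" and lid in router_lsas:
                g[rid][lid] = cost
            elif ltype == "transit" and lid in network_lsas:
                g[rid][lid] = cost
    for net, members in network_lsas.items():
        # a Network-LSA's links back to the attached routers carry cost 0
        g[net] = {rid: 0 for rid in members}
    return g


def dijkstra(g, src):
    """Plain Dijkstra over the SPF graph; returns {vertex: cost from src}."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, INF):
            continue
        for v, c in g.get(u, {}).items():
            if d + c < dist.get(v, INF):
                dist[v] = d + c
                heapq.heappush(heap, (d + c, v))
    return dist


# Constructed topology: R1, R2, R3 share broadcast network N1; R4 is reached
# over point-to-point links and forms the only alternative path.
ROUTER_LSAS = {
    "10.0.0.1": [("transit", "N1", 1), ("p2p", "10.0.0.4", 5)],
    "10.0.0.2": [("transit", "N1", 1), ("p2p", "10.0.0.4", 3)],
    "10.0.0.3": [("transit", "N1", 1), ("p2p", "10.0.0.4", 5)],
    "10.0.0.4": [("p2p", "10.0.0.1", 5), ("p2p", "10.0.0.2", 3), ("p2p", "10.0.0.3", 5)],
}
NETWORK_LSA_N1 = {"N1": ["10.0.0.1", "10.0.0.2", "10.0.0.3"]}


def costs_from_r1(network_lsas):
    """Shortest-path costs from R1 given the set of Network-LSAs in the LSDB."""
    return dijkstra(build_graph(ROUTER_LSAS, network_lsas), "10.0.0.1")


if __name__ == "__main__":
    print("DR with equal priorities:", elect_dr({"10.0.0.1": 1, "10.0.0.2": 1, "10.0.0.3": 1}))
    print("with N1 Network-LSA    :", costs_from_r1(NETWORK_LSA_N1))
    print("without it (N1 as stub):", costs_from_r1({}))
```

With the Network-LSA present, R1 reaches R2 and R3 at cost 1 and R4 at cost 4 through N1 and R2; once the Network-LSA is gone, N1 is no longer a vertex in the graph and the same destinations cost 8, 10 and 5 over the point-to-point links. That cost jump, seen at every router in the area at once, is the same effect the project measures on its own example AS.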

Attack 2 Can be launched against routers adjacent to the attacker. The compromised router A sends Hello messages impersonating a neighbouring router B. Router A also advertises a false high priority for B. Hence, B is elected DR without knowing it. B will not send Network LSAs because it is not aware of being the DR. Pros: The actual attacker is hidden! It is also able to choose which router to attack. Cons: Somewhat more difficult to implement.

Attack 2 statistics

Attack 3 The compromised router can target any network in the AS. The compromised router sends a malicious Hello message with a high priority to the Designated Router of some network. That Designated Router then believes that the attacking router will be the new DR. Hence, it stops sending Network LSAs and relinquishes the DR role. The attacking router doesn’t send them either. The network becomes a stub.

Attack 3 statistics

Example - Before the attack: H3 to H2 cost is 6; H1 to H2 cost is 3; H4 to H2 cost is 7.

Example - After an attack on N1: H3 to H2 cost was 6, now 8; H1 to H2 cost was 3, now 9; H4 to H2 cost was 7, now 11.

Comparing the two attacks

Conclusions: Choosing an attack Which attack should we choose? Attack 2 is always preferable to attack 1. Attacks 2 and 3 have different effects. It is possible to combine attacks. Which network should we choose to attack? Some networks are more vulnerable to attack than others, especially networks that create a partition. Attack 3 can reach more distant networks.
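From the defender's side, all three attacks leave the same traces: a Router ID whose advertised priority suddenly differs from what that router normally sends, one Router ID appearing behind two interface addresses, routers on a segment that disagree about who the DR is, and finally a transit network for which no Network-LSA exists in the LSDB. The following added example (not part of the project) implements passive checks for those traces over a constructed capture. The Hello field names are an assumption about what a capture tool would export, the DR field is reduced to a Router ID here although the real OSPF Hello carries the DR's interface address, and every address in it is constructed.

```python
"""Passive checks a monitor on a broadcast segment can run for the symptoms
the three attacks share. Added example, not part of the project; the Hello
records and LSDB are constructed, and the field names are an assumption about
what a capture tool would export (OSPF's DR field actually carries an
interface address; it is reduced to a Router ID here)."""
from collections import defaultdict

MULTI_SRC = "router id seen from more than one source address"
SHARED_SRC = "source address used by more than one router id"
PRIO_CHANGE = "conflicting priority values for the same router id"
DR_DISAGREE = "routers on the segment disagree about the DR"
DR_NOT_CLAIMED = "named as DR by a neighbour but does not claim DR itself"


def check_hellos(hellos):
    """hellos: captured Hello packets from one segment, in capture order,
    each {"src": interface address, "rid": router id, "prio": int, "dr": rid}.
    Returns a list of (subject, reason) findings; an empty list is a clean segment."""
    findings = []
    srcs, rids, prios, latest = defaultdict(set), defaultdict(set), defaultdict(set), {}
    for h in hellos:
        srcs[h["rid"]].add(h["src"])
        rids[h["src"]].add(h["rid"])
        prios[h["rid"]].add(h["prio"])
        latest[h["rid"]] = h          # most recent Hello per Router ID
    findings += [(r, MULTI_SRC) for r, s in srcs.items() if len(s) > 1]
    findings += [(s, SHARED_SRC) for s, r in rids.items() if len(r) > 1]
    findings += [(r, PRIO_CHANGE) for r, p in prios.items() if len(p) > 1]
    # every router's latest Hello should name the same DR
    views = {h["dr"] for h in latest.values()}
    if len(views) > 1:
        findings.append(("segment", DR_DISAGREE))
    # a router that its neighbours name as DR must also claim DR in its own Hello
    for dr in sorted(views):
        if dr in latest and latest[dr]["dr"] != dr:
            findings.append((dr, DR_NOT_CLAIMED))
    return findings


def transit_without_network_lsa(router_lsas, network_lsas):
    """router_lsas: {rid: [(link_type, link_id, cost)]}; network_lsas: {net: [rids]}.
    A network that two or more routers advertise as a transit link but for which
    no Network-LSA exists is the end state of all three attacks."""
    attached = defaultdict(set)
    for rid, links in router_lsas.items():
        for ltype, lid, _ in links:
            if ltype == "transit":
                attached[lid].add(rid)
    return sorted(n for n, r in attached.items() if len(r) >= 2 and n not in network_lsas)


# Constructed capture: the router at 192.0.2.1 (Router ID 10.0.0.1) emits Hellos
# carrying 10.0.0.2's Router ID with priority 255; 10.0.0.3 then names 10.0.0.2
# as DR while 10.0.0.2 itself still believes 10.0.0.3 is the DR.
HELLOS = [
    {"src": "192.0.2.1", "rid": "10.0.0.1", "prio": 1, "dr": "10.0.0.3"},
    {"src": "192.0.2.2", "rid": "10.0.0.2", "prio": 1, "dr": "10.0.0.3"},
    {"src": "192.0.2.3", "rid": "10.0.0.3", "prio": 1, "dr": "10.0.0.3"},
    {"src": "192.0.2.1", "rid": "10.0.0.2", "prio": 255, "dr": "10.0.0.2"},
    {"src": "192.0.2.3", "rid": "10.0.0.3", "prio": 1, "dr": "10.0.0.2"},
    {"src": "192.0.2.2", "rid": "10.0.0.2", "prio": 1, "dr": "10.0.0.3"},
]
CLEAN_HELLOS = HELLOS[:3]   # the pre-attack part of the same capture

# Constructed LSDB: N1 is advertised as transit by three routers.
ROUTER_LSAS = {
    "10.0.0.1": [("transit", "N1", 1), ("p2p", "10.0.0.4", 5)],
    "10.0.0.2": [("transit", "N1", 1), ("p2p", "10.0.0.4", 3)],
    "10.0.0.3": [("transit", "N1", 1), ("p2p", "10.0.0.4", 5)],
    "10.0.0.4": [("p2p", "10.0.0.1", 5), ("p2p", "10.0.0.2", 3), ("p2p", "10.0.0.3", 5)],
}
NETWORK_LSAS_OK = {"N1": ["10.0.0.1", "10.0.0.2", "10.0.0.3"]}

if __name__ == "__main__":
    for subject, reason in check_hellos(HELLOS):
        print(f"{subject}: {reason}")
    print("transit networks lacking a Network-LSA:", transit_without_network_lsa(ROUTER_LSAS, {}))
```

A monitor fed from a mirror port on the segment can run check_hellos once per Hello interval; the pre-attack part of the capture produces no findings, while the full capture yields six. The LSDB check is the one that confirms impact rather than intent: whichever of the three attacks was used, the transit network ends up without a Network-LSA while its attached routers still advertise transit links to it.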