By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.

Slides:



Advertisements
Similar presentations
PROJECT IN COMPUTER SECURITY IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.
Advertisements

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 6: Multiarea OSPF Scaling Networks.
BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.
© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—3-1 Medium-Sized Routed Network Construction Reviewing Routing Operations.
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
Unicast Routing Protocols: RIP, OSPF, and BGP
CSEE W4140 Networking Laboratory Lecture 5: IP Routing (OSPF and BGP) Jong Yul Kim
1 CCNA 3 v3.1 Module 2. 2 CCNA 3 Module 2 Single Area OSPF.
1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)
Objectives After completing this chapter you will be able to: Describe hierarchical routing in OSPF Describe the 3 protocols in OSPF, the Hello, Exchange.
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—3-1 Determining IP Routes Introducing Link-State and Balanced Hybrid Routing.
Introduction to networking Dynamic routes. Objectives  Define dynamic routing and its properties  Describe the classes of routing protocols  Describe.
Open Shortest Path First (OSPF) -Sheela Anand -Kalyani Ravi -Saroja Gadde.
Routing and Routing Protocols Dynamic Routing Overview.
1 CS 4396 Computer Networks Lab Dynamic Routing Protocols - II OSPF.
Lecture Week 10 Link-State Routing Protocols. Objectives Describe the basic features & concepts of link-state routing protocols. List the benefits and.
Routing/Routed Protocols. Remember: A Routed Protocol – defines logical addressing. Most notable example on the test – IP A Routing Protocol – fills the.
Unicast Routing Protocols  A routing protocol is a combination of rules and procedures that lets routers in the internet inform each other of changes.
M.Menelaou CCNA2 ROUTING. M.Menelaou ROUTING Routing is the process that a router uses to forward packets toward the destination network. A router makes.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 2 Module 6 Routing and Routing Protocols.
Routing protocols Basic Routing Routing Information Protocol (RIP) Open Shortest Path First (OSPF)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Link-State Routing Protocols Routing Protocols and Concepts – Chapter 10.
Introduction to OSPF Nishal Goburdhan. Routing and Forwarding Routing is not the same as Forwarding Routing is the building of maps Each routing protocol.
Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 2 Single-Area OSPF.
CCNA 3 Week 2 Link State Protocols OSPF. Copyright © 2005 University of Bolton Distance Vector vs Link State Distance Vector –Copies Routing Table to.
1 Module 4: Implementing OSPF. 2 Lessons OSPF OSPF Areas and Hierarchical Routing OSPF Operation OSPF Routing Tables Designing an OSPF Network.
CCNA Guide to Cisco Networking Fundamentals Fourth Edition
Networks and Protocols CE Week 8b. Link state Routing.
Copyright 2003 CCNA 3 Chapter 3 Single-Area OSPF By Your Name.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Single-Area OSPF Routing Protocols.
Open Shortest Path First (OSPF)
Dynamic Routing Protocols II OSPF
Routing protocols. 1.Introduction A routing protocol is the communication used between routers. A routing protocol allows routers to share information.
Routing in the Inernet Outcomes: –What are routing protocols used for Intra-ASs Routing in the Internet? –The Working Principle of RIP and OSPF –What is.
© 2002, Cisco Systems, Inc. All rights reserved..
Routing Protocols Brandon Wagner.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Single-Area OSPF Routing Protocols.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Link-State Routing Protocols Routing Protocols and Concepts – Chapter 10.
CS440 Computer Networks 1 Link State Routing and OSPF Neil Tang 10/31/2008.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF-Based Solution How OSPF Packet Processes.
TCP/IP (Routing). Content DHCP And Mobile IP Internet Routing Protocol RIP (Routing Information Protocol) OSPF (Open Shortest Path First) BGP (Border.
Single Area OSPF Module 2, Review How routing information is maintained Link-state routers apply the Dijkstra shortest path first algorithm against.
© 2002, Cisco Systems, Inc. All rights reserved..
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Single-Area OSPF Routing & Switching.
ROURING ALGORITHM: LINK STATE
CCNA 3 Chapter 3 Single-Area OSPF
Dynamic Routing Protocols II OSPF
Instructor Materials Chapter 5: Dynamic Routing
Routing Protocols and Concepts
COMP 3270 Computer Networks
Link-State Routing Protocols
Dynamic Routing Protocols part2
© 2002, Cisco Systems, Inc. All rights reserved.
Chapter 5: Dynamic Routing
Chapter 5: Dynamic Routing
Dynamic Routing Protocols II OSPF
Link-State Routing Protocols
Dynamic Routing and OSPF
Chapter 8: Single-Area OSPF
Dynamic Routing Protocols part2
Cisco networking, CNET-448
Link-State Routing Protocols
CCNP Network Route OSPF Part -II
Dynamic Routing Protocols part3 B
Novel Attacks in OSPF Networks to Poison Routing Table
Presentation transcript:

By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly

 Project Objectives  OSPF Routing Protocol Protocol Overview Known Attacks Description  Project Accomplishments Fake Adjacency Attack Adjacency Corruption Attack  Project Summary Outline

 Study of vulnerabilities of OSPF from the protocol perspective  Exploitation of vulnerabilities to attack an OSPF network in new and improved ways  Prove effectiveness of attacks by collecting network statistics in simulated environment OSPF Attacks Project Objectives

OSPF Routing Protocol Open Shortest Path First  A Second Generation Internal Routing Protocol  Main Purpose – Internal Gateway Protocol – establishment an maintenance of routes within an Autonomous System  Dijkstra Algorithm based routing topology

OSPF Routing Protocol Open Shortest Path First  Link State Advertisement Protocol  Hello Protocol - discovery of neighbors and forming adjacencies (~Every 10 seconds)  Most protocol data is exchanged exclusively over adjacencies  Areas – an administrative abstraction

OSPF Routing Protocol Security Features  Simple Encryption MD5 based Message Authentication Code  ‘Natural Fightback’ mechanism False LSAs are updated or flushed by legitimate router  Areas as a Security Measure Flooding of false information is limited to area of origin

OSPF Routing Protocol The Link State Database

OSPF Routing Protocol Some Known Attacks  Max Sequence Number Attack Prevents Fightback  False Forwarding Address Attack Creates data loops  False Designated Router Attack Impacts AS connectivity

Project Accomplishments New Attacks  Fake Adjacency Attack  Adjacency Corruption Attack

Fake Adjacency Attack  Attack Goal – Establishing an adjacency with a phantom router  Motivation – Being Adjacent is a powerful position  Link State Databases are synchronized over adjacencies, being adjacent means being able to change other LSDBs at will

Hello Protocol And Adjacency Bring-Up

Fake Adjacency Attack Description  Send Spoofed Hello Packet to Victim Network Designated Router  Perform the Adjacency Bring-Up Procedure Without Hearing Victim Response (Send “next packet” every RTT)  Inject False Routing Information Via Spoofed LSU Packets (~ Every 30 minutes)  Maintain Attack By Periodically Sending Spoofed Hello Packets (~Every 10 seconds)

Fake Adjacency Attack

 Advantages Not Dependent On Network Topology Easy Maintenance – generating messages for maintenance is easy, and not frequent Powerful – can cause information loss, not bothered by limitations caused by areas  Disadvantages Exposed and requires High Maintenance – The attacker sends a false message every 10 seconds, this is traceable

Adjacency Corruption Attack  Attack Goal – Controlling The Fightback Mechanism  Motivation – Knowing When Fightback Occurs Helps to Overcome It  Lack of Fightback Means False Information Stays in the System Longer

Adjacency Corruption Attack Description  Send Spoofed LSU to Victim Router  Immediately Send Same Spoofed LSU to Network Designated Router (After RTT) The DR will fight the injected information but it will be rejected by the victim  Send Spoofed LSA Ack to Network DR (After RTT)  Maintain Attack By Periodically Repeating it (~Every 30 minutes)

Adjacency Corruption Attack

 Advantages Powerful – can cause information loss or routing loops, not bothered by limitations caused by areas Low Maintenance – Attacker sends 3 protocol messages every 30 minutes  Disadvantages Dependent On Network Topology

OSPF Attacks Project Summary  What We Accomplished: Found 2 New Major Security Weaknesses in OSPFv2 RFC Exploited Said Weaknesses to Gain Positions of Power Proved Applicability of Exploits Using OMNET++

Thanks for Listening  Any Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.