Presentation is loading. Please wait.

Presentation is loading. Please wait.

By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.

Published byRoss Turner Modified over 9 years ago

Similar presentations

Presentation on theme: "By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly."— Presentation transcript:

1 By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly

2  Project Objectives  OSPF Routing Protocol Protocol Overview Known Attacks Description  Project Accomplishments Fake Adjacency Attack Adjacency Corruption Attack  Project Summary Outline

3  Study of vulnerabilities of OSPF from the protocol perspective  Exploitation of vulnerabilities to attack an OSPF network in new and improved ways  Prove effectiveness of attacks by collecting network statistics in simulated environment OSPF Attacks Project Objectives

4 OSPF Routing Protocol Open Shortest Path First  A Second Generation Internal Routing Protocol  Main Purpose – Internal Gateway Protocol – establishment an maintenance of routes within an Autonomous System  Dijkstra Algorithm based routing topology

5 OSPF Routing Protocol Open Shortest Path First  Link State Advertisement Protocol  Hello Protocol - discovery of neighbors and forming adjacencies (~Every 10 seconds)  Most protocol data is exchanged exclusively over adjacencies  Areas – an administrative abstraction

6 OSPF Routing Protocol Security Features  Simple Encryption MD5 based Message Authentication Code  ‘Natural Fightback’ mechanism False LSAs are updated or flushed by legitimate router  Areas as a Security Measure Flooding of false information is limited to area of origin

7 OSPF Routing Protocol The Link State Database

8 OSPF Routing Protocol Some Known Attacks  Max Sequence Number Attack Prevents Fightback  False Forwarding Address Attack Creates data loops  False Designated Router Attack Impacts AS connectivity

9 Project Accomplishments New Attacks  Fake Adjacency Attack  Adjacency Corruption Attack

10 Fake Adjacency Attack  Attack Goal – Establishing an adjacency with a phantom router  Motivation – Being Adjacent is a powerful position  Link State Databases are synchronized over adjacencies, being adjacent means being able to change other LSDBs at will

11 Hello Protocol And Adjacency Bring-Up

12 Fake Adjacency Attack Description  Send Spoofed Hello Packet to Victim Network Designated Router  Perform the Adjacency Bring-Up Procedure Without Hearing Victim Response (Send “next packet” every RTT)  Inject False Routing Information Via Spoofed LSU Packets (~ Every 30 minutes)  Maintain Attack By Periodically Sending Spoofed Hello Packets (~Every 10 seconds)

13 Fake Adjacency Attack

14

15

16

17  Advantages Not Dependent On Network Topology Easy Maintenance – generating messages for maintenance is easy, and not frequent Powerful – can cause information loss, not bothered by limitations caused by areas  Disadvantages Exposed and requires High Maintenance – The attacker sends a false message every 10 seconds, this is traceable

18 Adjacency Corruption Attack  Attack Goal – Controlling The Fightback Mechanism  Motivation – Knowing When Fightback Occurs Helps to Overcome It  Lack of Fightback Means False Information Stays in the System Longer

19 Adjacency Corruption Attack Description  Send Spoofed LSU to Victim Router  Immediately Send Same Spoofed LSU to Network Designated Router (After RTT) The DR will fight the injected information but it will be rejected by the victim  Send Spoofed LSA Ack to Network DR (After RTT)  Maintain Attack By Periodically Repeating it (~Every 30 minutes)

20 Adjacency Corruption Attack

21

22

23

24

25

26  Advantages Powerful – can cause information loss or routing loops, not bothered by limitations caused by areas Low Maintenance – Attacker sends 3 protocol messages every 30 minutes  Disadvantages Dependent On Network Topology

27 OSPF Attacks Project Summary  What We Accomplished: Found 2 New Major Security Weaknesses in OSPFv2 RFC Exploited Said Weaknesses to Gain Positions of Power Proved Applicability of Exploits Using OMNET++

28 Thanks for Listening  Any Questions?

Download ppt "By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly."

Similar presentations

PROJECT IN COMPUTER SECURITY - 236349 IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.

PROJECT IN COMPUTER SECURITY IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 6: Multiarea OSPF Scaling Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 6: Multiarea OSPF Scaling Networks.
BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.
© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—3-1 Medium-Sized Routed Network Construction Reviewing Routing Operations.

© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—3-1 Medium-Sized Routed Network Construction Reviewing Routing Operations.
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.

1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
Unicast Routing Protocols: RIP, OSPF, and BGP

Unicast Routing Protocols: RIP, OSPF, and BGP
CSEE W4140 Networking Laboratory Lecture 5: IP Routing (OSPF and BGP) Jong Yul Kim 02.18.2009.

CSEE W4140 Networking Laboratory Lecture 5: IP Routing (OSPF and BGP) Jong Yul Kim
1 CCNA 3 v3.1 Module 2. 2 CCNA 3 Module 2 Single Area OSPF.

1 CCNA 3 v3.1 Module 2. 2 CCNA 3 Module 2 Single Area OSPF.
1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)

1 ECE453 – Introduction to Computer Networks Lecture 10 – Network Layer (Routing II)
Objectives After completing this chapter you will be able to: Describe hierarchical routing in OSPF Describe the 3 protocols in OSPF, the Hello, Exchange.

Objectives After completing this chapter you will be able to: Describe hierarchical routing in OSPF Describe the 3 protocols in OSPF, the Hello, Exchange.
1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—3-1 Determining IP Routes Introducing Link-State and Balanced Hybrid Routing.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—3-1 Determining IP Routes Introducing Link-State and Balanced Hybrid Routing.
Introduction to networking Dynamic routes. Objectives  Define dynamic routing and its properties  Describe the classes of routing protocols  Describe.

Introduction to networking Dynamic routes. Objectives  Define dynamic routing and its properties  Describe the classes of routing protocols  Describe.
Open Shortest Path First (OSPF) -Sheela Anand -Kalyani Ravi -Saroja Gadde.

Open Shortest Path First (OSPF) -Sheela Anand -Kalyani Ravi -Saroja Gadde.
Routing and Routing Protocols Dynamic Routing Overview.

Routing and Routing Protocols Dynamic Routing Overview.
1 CS 4396 Computer Networks Lab Dynamic Routing Protocols - II OSPF.

1 CS 4396 Computer Networks Lab Dynamic Routing Protocols - II OSPF.
Lecture Week 10 Link-State Routing Protocols. Objectives Describe the basic features & concepts of link-state routing protocols. List the benefits and.

Lecture Week 10 Link-State Routing Protocols. Objectives Describe the basic features & concepts of link-state routing protocols. List the benefits and.
Routing/Routed Protocols. Remember: A Routed Protocol – defines logical addressing. Most notable example on the test – IP A Routing Protocol – fills the.

Routing/Routed Protocols. Remember: A Routed Protocol – defines logical addressing. Most notable example on the test – IP A Routing Protocol – fills the.

Similar presentations

Ads by Google