1 / 18

OSPF Security project: Summary

OSPF Security project: Summary. By Michael Sudkovitch And David Roitman Under the guidance of Dr. Gabi Nakibly. Project goals. Find OSPF vulnerabilities. Investigate new means of disrupting traffic in networks running OSPF. Implement our attacks and measure their effectiveness.

sancho
Download Presentation

OSPF Security project: Summary

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. OSPF Security project:Summary By Michael Sudkovitch And David Roitman Under the guidance of Dr. Gabi Nakibly

  2. Project goals • Find OSPF vulnerabilities. • Investigate new means of disrupting traffic in networks running OSPF. • Implement our attacks and measure their effectiveness.

  3. Project milestones • Detailed Study of RFC 2328 (OSPFv2). • Research on known attacks implemented so far. • Learning to work with OMNet++ Environment and constructing sample networks using it. • Invention of new attacks on OSPF. • Implementation of the attacks using OMNet++. • Collecting and analyzing the attack’s results.

  4. Introduction to OSPF • OSPF: Open Shortest Path First (RFC 2328) • OSPF is a routing protocol designed to work on Autonomous Systems (AS) • Provides shortest path routes to any destination in the AS.

  5. How does it work? • Routers discover one another using Hello messages. • They use LSA messages to exchange routing information between themselves. • Using LSA, each OSPF router creates a graph representing the structure of the AS. • All the OSPF routers in the network eventually converge to the same graph. • From that graph the OSPF router builds a shortest path tree with itself as root using the Dijkstra algorithm.

  6. Assumptions • Our only assumption is that we have full control over a single OSPF router. From there, we have to cause maximum damage to the AS. • Therefore, overcoming OSPF Authentication Protection is trivial, since the authentication key is known to us.

  7. Proposed Attacks Introduction • We discovered and implemented three different attacks on the OSFP algorithm. • Our attacks exploit the Hello algorithm and a special kind of LSA messages, called Network LSAs. • These Network LSAs are being sent by a DR – a Designated Router, which is elected amongst other routers adjacent to a network – according to a pre-set priority of each router.

  8. Proposed Attacks Introduction - cont. • There are two main types of networks, transit and stub. • Transit networks allow the travel of foreign packets through them. Stubs do not. • We exploit weaknesses in the Designated router election process in order to eliminate the network LSAs being sent by that network. • Once a transit network is deprived of it’s network LSAs, it becomes a stub. • All routes that used to pass through it, now can not.

  9. Our example AS

  10. Attack 1 • Can be launched on the compromised router only. • The compromised router falsifies its priority to be the highest possible. • It is then elected to be the DR for its network. • And then stops sending Network LSA. • Once no Network LSAs are sent for a specific network, it becomes a stub network; new routes must be set; connectivity may be broken. • Pros: Easy implementation. • Cons: The compromised router may be easily spotted.

  11. Attack 2 • Can be launched upon routers adjacent to the attacker. • The compromised router A sends Hello messages, impersonating himself as a neighboring router B. • Router A also advertises a false high priority for B. • Hence, B is elected to become a DR without knowing it. • B will not send Network LSAs because it is not aware of itself being a DR. • Pros: The actual attacker is hidden! He is also able to choose which router to attack. • Cons: Somewhat more difficult to implement.

  12. Attack 2 statistics

  13. Attack 3 • The compromised router can target any network in the AS. • The compromised router sends a malicious hello message with high priority to the designated router of some network. • That designated router then thinks that the attacking router will now be the new DR. Hence, it stops sending network LSAs and relinquishes DR control. • The attacking router doesn’t send them either. • The network becomes a stub.

  14. Attack 3 statistics

  15. Example - Before the attack H3 to H2 cost is 6 H1 to H2 cost is 3 H4 to H2 cost is 7

  16. Example - After an attack on N1 H3 to H2 cost was 6 now 8 H 1 to H2 cost was 3 now 9 H4 to H2 cost was 7 now 11

  17. Comparing the two attacks

  18. Conclusions: Choosing an attack • Which attack should we choose. • Attack 2 is always preferable to attack 1. • Attacks 2 and 3 have different effects. • Possible to combine between attacks. • Which network should we choose to attack. • Some networks are more vulnerable to attack then others. • Especially networks that create a partition. • Attack 3 can reach more distant networks.

More Related