OSPF Security Project: Summary
Post on 23-Feb-2016
BY MICHAEL SUDKOVITCH AND DAVID ROITMAN
UNDER THE GUIDANCE OF DR. GABI NAKIBLY
Project goals
Find OSPF vulnerabilities.
Investigate new means of disrupting traffic in networks running OSPF.
Implement our attacks and measure their effectiveness.
Project milestones
• Detailed study of RFC 2328 (OSPFv2).
• Research on known attacks implemented so far.
• Learning to work with the OMNeT++ environment and constructing sample networks using it.
• Invention of new attacks on OSPF.
• Implementation of the attacks using OMNeT++.
• Collecting and analyzing the attack’s results.
Introduction to OSPF
OSPF: Open Shortest Path First (RFC 2328)
OSPF is a routing protocol designed to work within an Autonomous System (AS).
It provides shortest-path routes to any destination in the AS.
How does it work?
Routers discover one another using Hello messages.
They use LSA messages to exchange routing information between themselves.
Using these LSAs, each OSPF router creates a graph representing the structure of the AS.
All the OSPF routers in the network eventually converge to the same graph.
From that graph the OSPF router builds a shortest path tree with itself as root using the Dijkstra algorithm.
Assumptions
Our only assumption is that we have full control over a single OSPF router. From there, we have to cause maximum damage to the AS. Therefore, overcoming OSPF Authentication Protection is trivial, since the authentication key is known to us.
Proposed Attacks Introduction
We discovered and implemented three different attacks on the OSPF algorithm.
Our attacks exploit the Hello algorithm and a special kind of LSA message, called a Network LSA.
Network LSAs are sent by a Designated Router (DR), which is elected from among the routers adjacent to a network according to a pre-set priority of each router.
Proposed Attacks Introduction - cont.
There are two main types of networks, transit and stub.
Transit networks allow the travel of foreign packets through them. Stubs do not.
We exploit weaknesses in the Designated Router election process in order to eliminate the Network LSAs being sent for that network.
Once a transit network is deprived of its Network LSAs, it becomes a stub.
All routes that used to pass through it no longer can.
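A defender can look for the condition described above, a multi-router network with no Network LSA, in a dump of the link-state database. The check below is an added example, not code from the project. It assumes the LSDB has already been parsed into dictionaries (the field names are hypothetical) and that attached routers still advertise a transit link to the DR's interface address, as RFC 2328 specifies for routers fully adjacent to the DR.

```python
from collections import defaultdict

ROUTER_LSA, NETWORK_LSA = 1, 2  # LS types defined in RFC 2328
TRANSIT_LINK = 2                # Router-LSA link type: connection to a transit network


def dangling_transit_networks(lsdb):
    """Return {dr_interface_ip: [router_ids]} for transit links lacking a usable Network-LSA."""
    network_lsas = {l["link_state_id"]: l for l in lsdb if l["type"] == NETWORK_LSA}
    findings = defaultdict(list)
    for lsa in lsdb:
        if lsa["type"] != ROUTER_LSA:
            continue
        for link in lsa["links"]:
            if link["type"] != TRANSIT_LINK:
                continue
            net = network_lsas.get(link["link_id"])
            # No Network-LSA, or one that does not list this router back,
            # means SPF cannot route through the network: it acts as a stub.
            if net is None or lsa["adv_router"] not in net["attached"]:
                findings[link["link_id"]].append(lsa["adv_router"])
    return {dr: sorted(routers) for dr, routers in findings.items()}


# Constructed sample LSDB (hypothetical addresses): three routers share the
# network whose DR interface is 10.0.1.3, but no Network-LSA exists for it.
SAMPLE_LSDB = [
    {"type": 1, "adv_router": "1.1.1.1", "links": [
        {"type": 2, "link_id": "10.0.1.3"}, {"type": 2, "link_id": "10.0.2.1"}]},
    {"type": 1, "adv_router": "2.2.2.2", "links": [
        {"type": 2, "link_id": "10.0.1.3"}, {"type": 2, "link_id": "10.0.2.1"}]},
    {"type": 1, "adv_router": "3.3.3.3", "links": [
        {"type": 2, "link_id": "10.0.1.3"}]},
    {"type": 2, "link_state_id": "10.0.2.1", "adv_router": "1.1.1.1",
     "attached": ["1.1.1.1", "2.2.2.2"]},
]

if __name__ == "__main__":
    for dr, routers in dangling_transit_networks(SAMPLE_LSDB).items():
        print(f"ALERT: no usable Network-LSA for DR {dr}; referenced by {', '.join(routers)}")
```

A finding can appear briefly during normal convergence, so only findings that persist across several LSDB snapshots are worth investigating.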
Our example AS
Attack 1
Can be launched on the compromised router only.
The compromised router falsifies its priority to be the highest possible.
It is then elected to be the DR for its network.
It then stops sending Network LSAs.
Once no Network LSAs are sent for a specific network, it becomes a stub network; new routes must be set; connectivity may be broken.
Pros: Easy implementation.
Cons: The compromised router may be easily spotted.
Attack 2
Can be launched upon routers adjacent to the attacker.
The compromised router A sends Hello messages, impersonating a neighboring router B.
Router A also advertises a false high priority for B.
Hence, B is elected to become a DR without knowing it.
B will not send Network LSAs because it is not aware of itself being a DR.
Pros: The actual attacker is hidden! He is also able to choose which router to attack.
Cons: Somewhat more difficult to implement.
Attack 2 statistics
Attack 3
The compromised router can target any network in the AS.
The compromised router sends a malicious hello message with high priority to the designated router of some network.
That designated router then thinks that the attacking router will now be the new DR. Hence, it stops sending network LSAs and relinquishes DR control.
The attacking router doesn’t send them either.
The network becomes a stub.
Attack 3 statistics
Example - Before the attack
H3 to H2 cost is 6
H1 to H2 cost is 3
H4 to H2 cost is 7
Example - After an attack on N1
H3 to H2 cost was 6, now 8
H1 to H2 cost was 3, now 9
H4 to H2 cost was 7, now 11
Comparing the two attacks
Conclusions: Choosing an attack
Which attack should we choose?
Attack 2 is always preferable to attack 1.
Attacks 2 and 3 have different effects.
It is possible to combine attacks.
Which network should we choose to attack?
Some networks are more vulnerable to attack than others, especially networks that create a partition.
Attack 3 can reach more distant networks.