Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network...
-
Upload
bruce-kennedy -
Category
Documents
-
view
219 -
download
0
Transcript of Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network...
![Page 1: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/1.jpg)
Persistent OSPF Attacks
Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh
19th Annual Network & Distributed System Security Conference (NDSS 2012)
![Page 2: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/2.jpg)
Outline
• Introduction (OSPF v2)
•OSPF Security Strengths
•Attack
• Impact and Analysis
•Mitigation Measures
![Page 3: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/3.jpg)
Introduction (OSPF v2)
•Most used protocol in Autonomous System
• Link State Routing Protocol
• LSA is flooded throughout the AS
•Designated Router
•Database Description (DBD) Messages
![Page 4: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/4.jpg)
Routing table
![Page 5: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/5.jpg)
Adjacency set up
![Page 6: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/6.jpg)
Security Strengths
•Per Link Authentication
•Flooding
•Fight Back
•LSA Content
![Page 7: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/7.jpg)
Remote False Adjacency Attack• To fool a remote router
•Persistent control over routing table
•Denial of Service -Link overload-Routing loops -Delivery Failure
• Eavesdropping
![Page 8: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/8.jpg)
Mechanism
![Page 9: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/9.jpg)
![Page 10: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/10.jpg)
Consequences
•Attack can be exploited to black hole traffic
•Black-holing most AS traffic with single phantom router
![Page 11: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/11.jpg)
Real World Impact
List of AS topologies used
AS number ISP name Number of Routers
1221 Telstra 115
3967 Exodus 80
6461 Abovenet 145
![Page 12: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/12.jpg)
Percentage of black-holed routers pairs when multiple phantom routers are used
1 2 3 40%
10%
20%
30%
40%
50%
60%
70%
80%
Telstra Exodus Abovenet
![Page 13: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/13.jpg)
Mitigation Measures
•Protocol Weakness•Same secret key•Master cannot see message content
•Anti source-IP spoofing
•Master must prove to slave that it has seen at least one message from slave
![Page 14: Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.](https://reader036.fdocuments.us/reader036/viewer/2022062321/56649efc5503460f94c0fb5b/html5/thumbnails/14.jpg)
THANKYOU
AND
ANYQuestions?