Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.

Slides:

Advertisements

Similar presentations

Chris Karlof and David Wagner

Advertisements

PROJECT IN COMPUTER SECURITY IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.

BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

Denial of Service in Sensor Networks Szymon Olesiak.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.

OSPF Security Vulnerabilities Analysis draft-jones-OSPF-vuln-01.txt IETF 58 – RPSEC Working Group.

OSPF Incremental Link State Database Synchronization (draft-retana-ospf-ils-01) Alvaro Retana, Acee Lindem

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Nov 11, 2004CS573: Network Protocols and Standards1 IP Routing: OSPF Network Protocols and Standards Autumn

1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

Routing Security in Ad Hoc Networks

Persistence lists Explain the purpose of persistence lists and what maintains them. Give an example of a client who should be on a persistence list.

ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.

Routing Protocols Heng Sovannarith

OSPF Interior Gateway Routing. Introduction:  Intra ‐ domain routing: inside an AS, org.  Also called interior gateway protocol.  Early protocols used.

OSPF To route, a router needs to do the following: Know the destination address Identify the sources it can learn from Discover possible.

1 Message Routing Administration Routing Group Planning Connecting Routing Groups Link Status Information.

OSPF Security Vulnerabilities Analysis draft-ietf-rpsec-ospf-vuln-02.txt IETF 66 – RPSEC Working.

Collected By: Mehdi Daneshvar Supervisor: E.M.Kosari.

Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,

Dennis Beard Sandra Murphy Yi Yang March 2003 Threats to Routing Protocols.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

RIP2 (Routing Information Protocol) Team Agile. Routing Protocols Link State – OSPF – ISIS Distance vector – RIP (version 1 and 2) – IGRP (Cisco Proprietary)

Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.

Introduction to OSPF Nishal Goburdhan. Routing and Forwarding Routing is not the same as Forwarding Routing is the building of maps Each routing protocol.

Chapter 9 Networking & Distributed Security. csci5233 computer security & integrity (Chap. 9) 2 Outline Overview of Networking Threats Wiretapping, impersonation,

1 Pertemuan 03 Ancaman dan Serangan Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡

Secure and Energy-Efficient Disjoint Multi-Path Routing for WSNs Presented by Zhongming Zheng.

OSPF Offloading: The HELLO Protocol A First Step Toward Distributed Heterogeneous Offloading Speaker: Mary Bond.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

Routing and Routing Protocols

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF- Based Solution Lab 3-5 Debrief.

Open Shortest Path First (OSPF)

KAIS T SIGF : A Family of Configurable, Secure Routing Protocols for WSNs Sep. 20, 2007 Presented by Kim, Chano Brian Blum, Tian He, Sang Son, Jack Stankovic.

OSPF Open Shortest Path First. Table of Content  IP Routes  OSPF History  OSPF Design  OSPF Link State  OSPF Routing Table  OSPF Data Packets.

Teknik Routing Pertemuan 10 Matakuliah: H0524/Jaringan Komputer Tahun: 2009.

CO5023 Single Area OSPF. Routing So far, we’ve looked at issues concerning the distribution and access layers. Routing is the process used to interconnect.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—1-1 Configuring Catalyst Switch Operations Identifying Problems That Occur in Redundant Switched.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

CS440 Computer Networks 1 Link State Routing and OSPF Neil Tang 10/31/2008.

RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 BGP Overview Establishing BGP Sessions.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF-Based Solution How OSPF Packet Processes.

@Yuan Xue CS 285 Network Security Placement of Security Function and Security Service Yuan Xue Fall 2013.

Routing Threats and Key Management Sandra Murphy

1 CMPT 471 Networking II OSPF © Janice Regan,

RPSEC WG Issues with Routing Protocols security mechanisms

Introducing The OSPF Routing Protocol

Link-State Routing Protocols

Defending Against DDoS

Dynamic Interior Routing Information Mechanisms

Chapter 9: Multiarea OSPF

Module Summary Open Shortest Path First (OSPF) protocol is one of the most commonly used link-state IP routing protocols in networking. It is an open standard.

Link-State Routing Protocols

Dynamic Routing and OSPF

COMPUTER NETWORKS CS610 Lecture-42 Hammad Khalid Khan.

Cisco networking, CNET-448

Chapter 9: Multiarea OSPF

Chapter 22. Network Layer: Routing

Link-State Routing Protocols

Chapter 9: Multiarea OSPF

Dynamic Routing Protocols part3 B

Novel Attacks in OSPF Networks to Poison Routing Table

Presentation transcript:

Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS

Outline Introduction (OSPF v2) OSPF Security Strengths Attack Impact and Analysis Mitigation Measures

Introduction (OSPF v2) Most used protocol in Autonomous System Link State Routing Protocol LSA is flooded throughout the AS Designated Router Database Description (DBD) Messages

Routing table

Adjacency set up

Security Strengths Per Link Authentication Flooding Fight Back LSA Content

Remote False Adjacency Attack To fool a remote router Persistent control over routing table Denial of Service -Link overload -Routing loops -Delivery Failure Eavesdropping

Mechanism

Consequences Attack can be exploited to black hole traffic Black-holing most AS traffic with single phantom router

Real World Impact List of AS topologies used AS numberISP nameNumber of Routers 1221Telstra Exodus Abovenet145

Percentage of black-holed routers pairs when multiple phantom routers are used

Mitigation Measures Protocol Weakness Same secret key Master cannot see message content Anti source-IP spoofing Master must prove to slave that it has seen at least one message from slave

THANK YOU AND ANY Questions?