Presentation is loading. Please wait.

Presentation is loading. Please wait.

Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS.

Published byBruce Kennedy Modified over 9 years ago

Similar presentations

Presentation on theme: "Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS."— Presentation transcript:

1 Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS

2 Outline Introduction (OSPF v2) OSPF Security Strengths Attack Impact and Analysis Mitigation Measures

3 Introduction (OSPF v2) Most used protocol in Autonomous System Link State Routing Protocol LSA is flooded throughout the AS Designated Router Database Description (DBD) Messages

4 Routing table

5 Adjacency set up

6 Security Strengths Per Link Authentication Flooding Fight Back LSA Content

7 Remote False Adjacency Attack To fool a remote router Persistent control over routing table Denial of Service -Link overload -Routing loops -Delivery Failure Eavesdropping

8 Mechanism

9

10 Consequences Attack can be exploited to black hole traffic Black-holing most AS traffic with single phantom router

11 Real World Impact List of AS topologies used AS numberISP nameNumber of Routers 1221Telstra115 3967Exodus80 6461Abovenet145

12 Percentage of black-holed routers pairs when multiple phantom routers are used

13 Mitigation Measures Protocol Weakness Same secret key Master cannot see message content Anti source-IP spoofing Master must prove to slave that it has seen at least one message from slave

14 THANK YOU AND ANY Questions?

Download ppt "Persistent OSPF Attacks Gabi Nakibly, Alex Kirshon and Dima Gonikman, Dan Boneh 19th Annual Network & Distributed System Security Conference (NDSS 2012)NDSS."

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
PROJECT IN COMPUTER SECURITY - 236349 IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.

PROJECT IN COMPUTER SECURITY IS-IS ROUTING ATTACKS Supervisor Gabi Nakibly, Ph.D. Students Bar Weiner, Asaf Mor Spring 2012.
BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.

BY MICHAEL SUDKOVITCH AND DAVID ROITMAN UNDER THE GUIDANCE OF DR. GABI NAKIBLY OSPF Security project: Summary.
Denial of Service in Sensor Networks Szymon Olesiak.

Denial of Service in Sensor Networks Szymon Olesiak.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.

By Alex Kirshon and Dima Gonikman Under the Guidance of Gabi Nakibly.
OSPF Security Vulnerabilities Analysis draft-jones-OSPF-vuln-01.txt IETF 58 – RPSEC Working Group.

OSPF Security Vulnerabilities Analysis draft-jones-OSPF-vuln-01.txt IETF 58 – RPSEC Working Group.
OSPF Incremental Link State Database Synchronization (draft-retana-ospf-ils-01) Alvaro Retana, Acee Lindem

OSPF Incremental Link State Database Synchronization (draft-retana-ospf-ils-01) Alvaro Retana, Acee Lindem
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.

University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Nov 11, 2004CS573: Network Protocols and Standards1 IP Routing: OSPF Network Protocols and Standards Autumn 2004-2005.

Nov 11, 2004CS573: Network Protocols and Standards1 IP Routing: OSPF Network Protocols and Standards Autumn
1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.

1 ELEN 602 Lecture 20 More on Routing RIP, OSPF, BGP.
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.

An Initial Security Analysis of the IEEE 802.1x Standard Tsai Hsien Pang 2004/11/4.
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Persistence lists Explain the purpose of persistence lists and what maintains them. Give an example of a client who should be on a persistence list.

Persistence lists Explain the purpose of persistence lists and what maintains them. Give an example of a client who should be on a persistence list.
ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.

ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.
Routing Protocols Heng Sovannarith

Routing Protocols Heng Sovannarith

Similar presentations

Ads by Google