An LCCN project by: Alex Kirshon and Dima Gonikman, supervised by: Gabi Nakibly and Itai Dabran The Laboratory of Computer

Communication and Networking

Routers handle packets navigation throughout the internet

Each router maintains a routing table – specifying its’ connections and

available destinations

Our attacks allows the injection of false information to routers’ routing

table, thus disrupting correct flow of information

Routing On The Internet

Open Shortest Path First

Dijkstra Algorithm based routing topology

Link State Advertisement Protocol

Most protocol data is exchanged exclusively over adjacencies

Built in fight-back mechanism to avoid persistence of false information

OSPF Routing Protocol - Key Features

OSPF Routing Protocol-Key Features-Adjacency

Adjacency Bring-up protocol

Each router broadcasts Hello messages

Each router forms adjacencies

with its’ neighbors by synchronizing

their knowledge of the network

topology (Link State Database)

R1

Hello, neighbor=<R2 ID>,

DBD, I, M, MS, Seq.=y

DBD, I, M, MS, Seq.=x

DBD, Seq.=x

DBD, M, MS, Seq.=x+1

DBD, Seq.=x+1

R2

Hello

LS Request, <LSID>

LS Update, <LSID>

.

.

.

.

Attack Goal – Establishing an adjacency with a phantom router

Motivation – Being adjacent is a powerful position

Attack Method

• Exploits a weakness to become a master in the adjacency

bring up process

• This allows to form an adjacency without receiving

victims’ replies

Attack scenario implemented using Scapy and works on the simulated

network with no adjustments to theoretical attack

Effect – Loss of communication between hosts

False Adjacency Attack

Attack Goal – Controlling the fightback mechanism

Motivation – Knowing when fightback occurs helps to overcome it

Attack Method

• Exploit a weakness in the checsum mechanism to force the

victim to initiate fight back with known checksum

• Send an LSA disguised as the legitimate fight back

Attack scenario implementation using Scapy works on the simulated

network

Expected effect - Loss of communication between hosts

Adjacency Corruption Attack

OMNET++ and INET

network simulator frameworks

GNS3 - Cisco Network Simulator

Network topologies creation and Cisco router simulation

VPCS - Virtual PC Simulator

Generation of traffic over GNS3 topologies

Scapy - Python Based Packet Handler

Execution of attacks over simulated networks

Wireshark - Network Protocol Analyzer

Validation of script-generated packets

Tools Used

We presented two new ways to exploit vulnerabilities in the

OSPF protocol specification

The attacks are successful on the most recent version of Cisco

IOS – 15.0(1)M

We have proven the ability of a single router to effectively and

persistently falsify other routers’ routing table

Summary