Prof. Alex (Sandy) Pentland Founding Director Media Lab Asia MIT Media Laboratory
The Laboratory of Computer An LCCN project by: Alex ...
Transcript of The Laboratory of Computer An LCCN project by: Alex ...
An LCCN project by: Alex Kirshon and Dima Gonikman, supervised by: Gabi Nakibly and Itai Dabran The Laboratory of Computer
Communication and Networking
Routers handle packets navigation throughout the internet
Each router maintains a routing table – specifying its’ connections and
available destinations
Our attacks allows the injection of false information to routers’ routing
table, thus disrupting correct flow of information
Routing On The Internet
Open Shortest Path First
Dijkstra Algorithm based routing topology
Link State Advertisement Protocol
Most protocol data is exchanged exclusively over adjacencies
Built in fight-back mechanism to avoid persistence of false information
OSPF Routing Protocol - Key Features
OSPF Routing Protocol-Key Features-Adjacency
Adjacency Bring-up protocol
Each router broadcasts Hello messages
Each router forms adjacencies
with its’ neighbors by synchronizing
their knowledge of the network
topology (Link State Database)
R1
Hello, neighbor=<R2 ID>,
DBD, I, M, MS, Seq.=y
DBD, I, M, MS, Seq.=x
DBD, Seq.=x
DBD, M, MS, Seq.=x+1
DBD, Seq.=x+1
R2
Hello
LS Request, <LSID>
LS Update, <LSID>
.
.
.
.
Attack Goal – Establishing an adjacency with a phantom router
Motivation – Being adjacent is a powerful position
Attack Method
• Exploits a weakness to become a master in the adjacency
bring up process
• This allows to form an adjacency without receiving
victims’ replies
Attack scenario implemented using Scapy and works on the simulated
network with no adjustments to theoretical attack
Effect – Loss of communication between hosts
False Adjacency Attack
Attack Goal – Controlling the fightback mechanism
Motivation – Knowing when fightback occurs helps to overcome it
Attack Method
• Exploit a weakness in the checsum mechanism to force the
victim to initiate fight back with known checksum
• Send an LSA disguised as the legitimate fight back
Attack scenario implementation using Scapy works on the simulated
network
Expected effect - Loss of communication between hosts
Adjacency Corruption Attack
OMNET++ and INET
network simulator frameworks
GNS3 - Cisco Network Simulator
Network topologies creation and Cisco router simulation
VPCS - Virtual PC Simulator
Generation of traffic over GNS3 topologies
Scapy - Python Based Packet Handler
Execution of attacks over simulated networks
Wireshark - Network Protocol Analyzer
Validation of script-generated packets
Tools Used
We presented two new ways to exploit vulnerabilities in the
OSPF protocol specification
The attacks are successful on the most recent version of Cisco
IOS – 15.0(1)M
We have proven the ability of a single router to effectively and
persistently falsify other routers’ routing table
Summary