Owning the Routing Table - Part II
The holy grail of routing attacks is owning the routing table of a router. We present a newly found vulnerability of the OSPF protocol -- the most popular routing protocol inside autonomous systems (AS) -- which allow to own a router's routing table without having to own the router itself. This work is a sequel to "Owning the Routing Table" we presented at Black Hat USA 2011. In this work we present a powerful OSPF attack that exploit a newly discovered ambiguity of the OSPF standard. The attack may be utilized to induce black holes, network cuts or longer routes in order to facilitate DoS of the routing domain or to gain access to information flows which otherwise the attacker had no access to. The attack can also be used to easily DoS a victim router using a single packet. The main contribution of this work is the recognition that by controlling just a single router inside an AS the attacker can own the routing tables of all other routers of that AS.
This is a joint work with Eitan Menahem, Yuval Elovici and Ariel Waizel.
This talk shall be presented at Black Hat USA 2013.
Gabi is currently a fellow at the National EW Research & Simulation Center in Israel (as part of Rafael - Advanced Defense Systems Ltd.) where he is involved in the security analysis of network protocols and the secure deployment of network services. He also serves as an adjunct lecturer and researcher in the computer science department at the Technion (Israel Institute of Technology). In 2012 Gabi was a visiting scholar at Stanford University's security lab.
Gabi received his B. Sc. in Information Systems Engineering (summa cum laude) and PhD in Computer Science from the Technion in 1999 and 2008, respectively.