Persistent OSPF Attacks

Authors: G. Nakibly, A. Kirshon, D. Gonikman, and D. Boneh

Open Shortest Path First (OSPF) is the most widely deployed interior gateway routing protocol on the Internet. We present two new attacks on OSPF that expose design vulnerabilities in the protocol specification. These new attacks can affect routing advertisements of routers not controlled by the attacker while evading the OSPF self-defense "fight-back" mechanism. By exploiting these vulnerabilities an attacker can persistently falsify large portions of the routing domain's topology thereby giving the attacker control over how traffic is routed in the domain. This in turn can lead to denial of service, eavesdropping, and man in the middle attacks. We discuss a number of mitigation strategies and propose an update to the OSPF specification that defeats these attacks and improves overall OSPF security.

In proceedings of the 19th Annual Network & Distributed System Security Conference (NDSS 2012)

Full paper: pdf.