open shortest path first
play

OPEN SHORTEST PATH FIRST How to take advantage of routing protocols - PowerPoint PPT Presentation

Nov 05, 2022 •130 likes •495 views

PWN OPEN SHORTEST PATH FIRST How to take advantage of routing protocols 1 ABOUT ME Studied network and security at the Technical University of Troyes (France) Working at WienCERT (Stadt-Wien) 2 AGENDA What is a routing protocol? How to

  1. PWN OPEN SHORTEST PATH FIRST How to take advantage of routing protocols 1

  2. ABOUT ME Studied network and security at the Technical University of Troyes (France) Working at WienCERT (Stadt-Wien) 2

  3. AGENDA What is a routing protocol? How to use a vulnerable configuration? Consequences and how to avoid it. 3

  4. WHAT IS A ROUTING PROTOCOL 4 Photo courtesy of Dawson Construction Co. BP Refinery project

  5. ROUTING IN IP NETWORKS IP Networks & Masks IP Network Mask 10.0.0.9/29 10.0.0.8 255.255.255.248 5

  6. ROUTING IN IP NETWORKS IP: 192.168.42.1/24 Network Gateway 10.0.0.0/8 R1 10.0.0.0/24 R2 0.0.0.0 R3 To reach 10.0. 0.1 ⇒ GW R2 To reach 10.0. 1.1 ⇒ GW R1 To reach 192.168.1.1 ⇒ GW R3 6

  7. HISTORICAL ROUTING All routers controlled by the same administrative authority Security wasn’t really a preoccupation Internet grew to fast to implement security changes 7

  8. WHAT IS A ROUTING PROTOCOL? Share routes through the network in an automated way IGP vs. EGP link-state vs. distance-vector 8

  9. OSPF: A ROUTING PROTOCOL Interior Gateway Protocol Multicast (224.0.0.5 or FF02::5) Link-State Protocol ⇒ Keep state with UPDATE packets Encapsulated directly in IP (protocol 89) 9

  10. Network Bravo Network A R1 Network C R3 Network B R2 Network C R3 OSPF Network Charlie Network Alpha DYNAMIC ROUTING 10

  11. HOW TO EXPLOIT A VULNERABLE CONFIGURATION 11 bit.ly/1vkWpOP

  12. MULTIPLE VULNERABILITIES Old protocol (last RFC in 1998) Information sent in clear text … 12

  13. OSPF HEADER 13

  14. MULTIPLE VULNERABILITIES II Standard configuration of routers ⇒ Clear text auth ⇒ add router to the network ⇒ and then add new routes to the protocol 14

  15. DYNAMIC ROUTING Network Bravo Network Charlie Network Alpha 15

  16. DYNAMIC ROUTING Network Bravo Network Charlie Network Alpha NewR Illegal Network 16

  17. DYNAMIC ROUTING Network Bravo Network A R1 Network C R3 Illegal Net. R3 Network Charlie Network Alpha NewR Network A R1 Network B R2 Illegal Network Network B R2 Network C R3 Illegal Net NewR Illegal Net. R3 17 17

  18. CONSEQUENCES Re-route internal IP-traffic Manipulate connections (DNS, DHCP , …) Reroute external IPs to internal servers 18

  19. WHAT ABOUT OTHER PROTOCOLS? 19

  20. EIGRP Distance-Vector Cisco Routing Protocol 20

  21. RIPv2 Distance-Vector Routing Protocol 21

  22. BGP Exterior Gateway Protocol This vulnerability is not applicable Neighboring required to route 22

  23. TOOLS Wireshark Nemesis Loki IP Sorcery Cain&Abel Quagga Net Dude Scapy (contrib module; no md5) Collasoft NRL Core IRPAS 23

  24. HOW TO AVOID MIS-CONFIGURATION 24 http://bit.ly/1uG7Oak

  25. CONFIGURATION Know your routers! Review your configuration periodically Limit the scope of your routing protocol Test your configuration 25

  26. JUNOS EXAMPLE # show protocols ospf area 0.0.0.0 interface vlan.1 { retransmit-interval 5; hello-interval 2; dead-interval 10; authentication { md5 1 key "mypassword"; } } interface ge-0/0/1.0 { passive ; } 26

  27. QUAGGA EXAMPLE router ospf ospf router-id 10.0.0.1 # network 10.1.2.0/24 area 0 network 10.2.4.0/24 area 0 passive-interface eth0:1 # redistribute kernel redistribute connected redistribute static default-information originate # 27

  28. CISCO EXAMPLE router ospf 1 router-id 10.0.0.1 log-adjacency-changes area 10.0.0.20 authentication redistribute connected metric 50 subnets redistribute static subnets passive-interface default no passive-interface FastEthernet0 network 10.11.12.0 0.0.0.255 area 20 network 192.168.42.0 0.0.0.255 area 20 28

  29. CISCO EXAMPLE interface FastEthernet0 ip address 10.0.0.1 255.255.255.0 ip ospf authentication message-digest ip ospf authentication-key P4ssW0rd ip ospf 1 area 10.0.0.20 duplex auto speed auto 29

  30. CISCO EXAMPLE 30

  31. PATCH MANAGEMENT Patch your network devices Learn about new protocol (OSPFv3 w/ AH&ESP) Use the new protocols 31

  32. OTHER VULNERABILITIES? Spoofed LSA (CVE-2013-0149) 32

  33. CONCLUSION Consider Routing as a critical asset Monitor your network Audit your network periodically 33

  34. SPECIAL THANKS WienCERT PGP-Key: 9B2C C43A 0B5A 6269 A438 A1FC 07FA F5B9 948A D027 34

  35. CONTACT louis@durufle.eu @louisdurufle 35

  36. REFERENCES IP RFC https://tools.ietf.org/html/rfc791 OSPF v2 RFC http://tools.ietf.org/html/rfc2328 OSPF for IPv6 RFC http://tools.ietf.org/html/rfc5340 “An Experimental Study of Insider Attacks for the OSPF Routing Protocol” Brian Vetter, Feiyi Wang, S. Felix Wu (1997) “Persistent OSPF Attacks” Gabi Nakibly and al. http://crypto.stanford.edu/~dabo/pubs/papers/ ospf.pdf “OSPF Security Project” Michael Sudkovitch and David I. Roitman, http:// webcourse.cs.technion.ac.il/236349/Spring2013/ho/WCFiles/2009-2-ospf-report.pdf Scapy OSPF Module https://raw.githubusercontent.com/d1b/scapy/master/scapy/contrib/ospf.py 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable passwords on Cisco router ... OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC 2328 Working

383 views • 24 slides
OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC 2328 Working group formed in 1988 Goals: Large, heterogeneous internetworks Uses the Link State algorithm Topology map at each

395 views • 36 slides
OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC 2328 Working group formed in 1988 Goals: Large, heterogeneous internetworks Uses the Link State algorithm T opology map at each

772 views • 39 slides
4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house

4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house

4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house Shortest Path Problem Shortest path network. Directed graph G = (V, E). Source s, destination t. Length e = length of edge e. Shortest

226 views • 6 slides
TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD

TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD

TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD 2010 Applications Shortest Path Queries A shortest path query on a(n) (undirected) graph finds the shortest path for the given source and target

678 views • 33 slides
Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest

Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest

Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest path properties Dijkstras algorithm (7.1.1) 0 A 4 8 Algorithm 2 8 2 3 Edge relaxation 7 1 B C D The Bellman-Ford

348 views • 4 slides
Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come

Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come

Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come from: http://www.ietf.org/proceedings/07dec/slides/IDRTut-0.pdf 1 Miscellaneous Anything that needs discussion? OSPF 2 Internet Routing

690 views • 20 slides
Parallel shortest-path route planning on real-world road networks: SP over graph processing and

Parallel shortest-path route planning on real-world road networks: SP over graph processing and

Parallel shortest-path route planning on real-world road networks: SP over graph processing and GNN based SP R244: Large Scale Data Processing and Optimisation Open Source Project Claire Cofgey Motivation - Fast shortest-path computations on

78 views • 7 slides
Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw ,

Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw ,

Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw , find shortest path from node s to node t. allow negative weights Ex. Nodes represent agents in a financial setting and c vw is cost of transaction

394 views • 11 slides
Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E )

Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E )

Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E ) and an edge weight function : V R . Length of a Path The length or weight ( P ) of a path P = { v 1 , v 2 , . . . , v l } with at least two

347 views • 24 slides
Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V ,

Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V ,

Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V , E ) and an edge weight function : E R . Length of a Path The length or weight ( P ) of a path P = { v 1 , v 2 , . . . , v l } with at

495 views • 20 slides
ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31: Shortest Path Algorithms Single Source Shortest Path Problem Single source shortest path problem Find the shortest path to all other nodes from a

216 views • 11 slides
Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest

Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest

Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw , find shortest path from node s to node t. Th This is t tim ime w we a

302 views • 13 slides
Shortest Paths Shortest Paths path between two given vertices path between two given vertices

Shortest Paths Shortest Paths path between two given vertices path between two given vertices

Shortest Path Introduction to Algorithms Introduction to Algorithms Given a weighted directed graph one Given a weighted directed graph, one common problem is finding the shortest Shortest Paths Shortest Paths path between two given

431 views • 16 slides
Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length

Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length

Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length of edge e l e 0 for all edges e Shortest path problem: (Google Maps!) find shortest path from s to all other nodes 1 a c 2 3 1 1 1 e

882 views • 18 slides
Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse Institute Berlin (ZIB) Overview Practical background: Internet = shortest path routing Properties of unsplittable shortest path systems Integer

460 views • 17 slides
Chapter 4: Network Layer Chapter goals: understand principles behind network layer services:

Chapter 4: Network Layer Chapter goals: understand principles behind network layer services:

Chapter 4: Network Layer Chapter goals: understand principles behind network layer services: services: network layer service models forwarding versus routing how a router works addressing and routing (path selection)

740 views • 51 slides
4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has columns for the destination network (or hosts) with the corresponding cost and the next router address to reach a destination. Additional

1.08k views • 84 slides
Internet Lab (iLabX) Dynamic Routing Christian Lbben ilabx@net.in.tum.de Chair of Network

Internet Lab (iLabX) Dynamic Routing Christian Lbben ilabx@net.in.tum.de Chair of Network

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Internet Lab (iLabX) Dynamic Routing Christian Lbben ilabx@net.in.tum.de Chair of Network Architectures and Services Department of

1.07k views • 65 slides
IP Routing: Intradomain CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

IP Routing: Intradomain CS/ECE 438: Spring 2014 Instructor: Matthew Caesar

IP Routing: Intradomain CS/ECE 438: Spring 2014 Instructor: Matthew Caesar http://courses.engr.illinois.edu/cs438/ Today Application Transport Network Link Layer Physical Starting on the internals of the network layer Many pieces to the

1.47k views • 99 slides
CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

source: computer-networks-webdesign.com CSCI 4760 - Computer Networks Fall 2016 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu These slides are adapted from the textbook slides by J.F. Kurose and K.W. Ross Chapter 4: Network Layer

1.44k views • 106 slides
Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui

Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui

Presentation Presentation On On Routing Protocol Routing Protocol By By Muhammad Siddiqui Muhammad Siddiqui ISNM2003 ISNM2003 28th Jan 2004 Networks A computer network that spans a relatively large geographical area.

808 views • 31 slides
Wireless Multimedia System Lecture 9 & 10 Ad hoc & Multicast

Wireless Multimedia System Lecture 9 & 10 Ad hoc & Multicast

Wireless Multimedia System Lecture 9 & 10 Ad hoc & Multicast http://inrg.csie.ntu.edu.tw/wms Wireless & Multimedia Network Laboratory Wireless & Multimedia Network Laboratory

2.17k views • 112 slides
Ad hoc and Sensor Networks Chapter 11: Routing protocols Holger Karl Computer Networks Group

Ad hoc and Sensor Networks Chapter 11: Routing protocols Holger Karl Computer Networks Group

Ad hoc and Sensor Networks Chapter 11: Routing protocols Holger Karl Computer Networks Group Universitt Paderborn Goals of this chapter In any network of diameter > 1, the routing & forwarding problem appears We will discuss

586 views • 47 slides

More recommend