nanog mailing list archives
Re: OSPF Vulnerability - Owning the Routing Table
From: Jeff Tantsura <jeff.tantsura () ericsson com>
Date: Mon, 5 Aug 2013 01:10:47 +0000
Agree, that's why using p2p has been mentioned as BCP in networking "howto's" for at least the last 10 years.

Regards,
Jeff

On Aug 4, 2013, at 3:14 AM, "Saku Ytti" <saku () ytti fi> wrote:

> On (2013-08-04 05:01 -0500), Jimmy Hess wrote:
>
>> I would say the risk score of the advisory is overstated. And if you
>> think "ospf is secure" against LAN activity after any patch, that would
>> be wishful thinking. Someone just rediscovered one of the countless
>> innumerable holes in the back of the cardboard box and tried covering it
>> with duck tape...
>
> I tend to agree. OTOH I'm not 100% sure if it's unexploitable outside LAN
> via unicast OSPF packets. But like you say MD5 offers some level of
> protection. I wish there would be some KDF for IGP KARP so that each LSA
> would actually have unique not-to-be-repeated password, so even if someone
> gets copy of one LSA and calculates out the MD5 it won't be relevant
> anymore.
>
> L2 is very dangerous in any platform I've tried, access to L2 and you can
> usually DoS the neighbouring router, even when optimally configured
> CoPP/Lo0 filter.
>
> --
> ++ytti