nanog mailing list archives
Re: OSPF Vulnerability - Owning the Routing Table
From: Jimmy Hess <mysidia () gmail com>
Date: Sat, 3 Aug 2013 18:38:39 -0500
On 8/2/13, Aled Morris <aledm () qix co uk> wrote:
Cisco published an advisory on OSPF vulnerability yesterday I think. I assume it's related.
OSPF is a dynamic routing protocol. It automatically discovers neighbors on a multi-access segment claiming to be routers. In what way could it possibly be unexpected that an attacker can pose as a router and inject false routes; if an attacker able to emit multicast to OSPF multicast address onto a LAN speaking OSPF? That's not news to me, but fully expected. Do the vendors /really/ have a code fix to what would seem to be an inherent problem; if you failed to properly secure your OSPF implementation (via MD5 authentication)?
OSPFv3 is not vulnerable, and connections protected by MD5 are safe too, apparently. Aled
-- -JH
Current thread:
- OSPF Vulnerability - Owning the Routing Table Glen Kent (Aug 02)
- Re: OSPF Vulnerability - Owning the Routing Table Adam Atkinson (Aug 02)
- Re: OSPF Vulnerability - Owning the Routing Table Aled Morris (Aug 02)
- Re: OSPF Vulnerability - Owning the Routing Table Jimmy Hess (Aug 03)
- Re: OSPF Vulnerability - Owning the Routing Table Saku Ytti (Aug 04)
- Re: OSPF Vulnerability - Owning the Routing Table Jimmy Hess (Aug 04)
- Re: OSPF Vulnerability - Owning the Routing Table Saku Ytti (Aug 04)
- Re: OSPF Vulnerability - Owning the Routing Table Jeff Tantsura (Aug 04)
- Re: OSPF Vulnerability - Owning the Routing Table Jimmy Hess (Aug 03)
- Message not available
- Re: Returned mail: see transcript for details Jimmy Hess (Aug 04)
- Re: Returned mail: see transcript for details Warren Bailey (Aug 04)
- Message not available
- Re: Returned mail: see transcript for details Larry Sheldon (Aug 04)
- Re: Returned mail: see transcript for details Valdis . Kletnieks (Aug 04)
- Re: Returned mail: see transcript for details Andrew Koch (Aug 05)
- Re: Returned mail: see transcript for details Valdis . Kletnieks (Aug 05)