Penetration Testing mailing list archives

Re: [PEN-TEST] Route Poisoning

From: J C <jclists () MAIL COM>
Date: Sat, 10 Mar 2001 08:11:07 -0500

-Someone else recently wrote a paper on OSPF security features -but I can't
-recall where I saw this.

You may be thinking of my 'Securing OSPF' paper.  It's at:

www.liquifried.com/securingospf.html

By no means comprehensive, but a decent why and how-to for securing ospf
with Cisco IOS and gateD.

As far as the popularity of securing interior routing protocols, I've rarely
seen it in the field.

With OSPF, clear text auth is useful in stopping misconfigurations, testing,
and other accidental factors from affecting your routing.  Obviously, if an
attacker is listening on the line, this auth won't help.

MD5 is better from a security point of view, but (as always) management can
be an issue.  You have to deal with key expiration and changeover as well as
key coordination across routers (same thing for clear text).

Anyhoo, it's an interesting subject I've done a decent amount of work in,
and I'd also be willing to continue the discussion with those interested.

Jason


______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

Current thread:

[PEN-TEST] Route Poisoning Shrikanth Shetty (Mar 07)
- Re: [PEN-TEST] Route Poisoning Enno Rey (Mar 07)
- Re: [PEN-TEST] Route Poisoning Curt Wilson - Netw3 Consulting (Mar 08)
- Re: [PEN-TEST] Route Poisoning Dario Ciccarone (Mar 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Route Poisoning J C (Mar 10)