Vulnerability Development mailing list archives
RIPv1, v2 and OSFP exploits?
From: Curt Wilson <netw3 () NETW3 COM>
Date: Sat, 25 Nov 2000 17:18:09 -0000
Greetings. I apologize in advance if this is not the proper forum for this message.

I am currently researching security problems and intrusion detection for network devices and routing protocols. I've heard multiple references about RIP (especially v1) being wide open to route spoofing attacks, but have not actually seen detailed reference to these attacks in the wild. If anyone has any reference material this would be excellent. I am mostly looking for detailed material such as tcpdump or packet traces as well as screen captures of command line tools used to implement the spoof (for instance, nemesis-rip).

Since OSPF appears to have two options for authentication information (plaintext key and MD5), I am wondering if anyone knows to what degree the plaintext keys are chosen over the MD5. Perhaps some are concerned about a possible performance hit with the MD5 option. I'm trying to learn if OSPF passes the key in each HELLO message it sends to other routers, and would love to obtain some packet traces of OSPF traffic (sanitized, of course) if you have any.

The nemesis-ospf tool allows detailed packet crafting of an OSPF packet, but my knowledge of OSPF is not detailed enough to construct one on the fly. If I had some packet traces to work with I could perhaps gain further insight and test the tool with gated on my Linux boxes in my home network.

My knowledge of routing protocols is limited, so please excuse any errors in my reasoning process. Thanks for any assistance.

Curt Wilson
netw3.com Consulting
www.netw3.com
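Added example, not part of the original post: a small auditing parser for the OSPFv2 common header as laid out in RFC 2328 (A.3.1), where every packet, Hello included, carries a 16-bit AuType and a 64-bit Authentication field. It reports which authentication mode a router is using from a captured IP payload; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

# OSPFv2 common header (RFC 2328, A.3.1): 24 bytes on every packet type.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE = {0: "null", 1: "simple-password", 2: "cryptographic"}
PKT_TYPE = {1: "hello", 2: "db-description", 3: "ls-request",
            4: "ls-update", 5: "ls-ack"}


def audit_ospf_header(payload: bytes) -> dict:
    """Report the authentication mode of one OSPFv2 packet (IP payload)."""
    if len(payload) < OSPF_HDR.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, _ck, autype, auth = OSPF_HDR.unpack_from(payload)
    if ver != 2:
        raise ValueError(f"not OSPFv2 (version {ver})")
    finding = {
        "type": PKT_TYPE.get(ptype, f"unknown({ptype})"),
        "router_id": socket.inet_ntoa(rid),
        "area_id": socket.inet_ntoa(area),
        "autype": AUTYPE.get(autype, f"unknown({autype})"),
        "cleartext_key_on_wire": autype == 1,
    }
    if autype == 1:
        # The 8-byte field is the password itself; record only its length.
        finding["key_length"] = len(auth.rstrip(b"\x00"))
    elif autype == 2:
        # Field holds: 0, Key ID, auth data length, sequence number.
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        finding.update(key_id=key_id, auth_data_len=auth_len, crypto_seq=seq)
    return finding


def sample_hello(autype: int, auth: bytes) -> bytes:
    """Constructed Hello: header plus a zeroed 20-byte body (not a capture)."""
    rid, area = socket.inet_aton("192.0.2.1"), socket.inet_aton("0.0.0.0")
    return OSPF_HDR.pack(2, 1, 44, rid, area, 0, autype, auth) + bytes(20)


if __name__ == "__main__":
    simple = sample_hello(1, b"s3cret\x00\x00")  # constructed password
    md5 = sample_hello(2, struct.pack("!HBBI", 0, 1, 16, 1000))
    for pkt in (simple, md5):
        print(audit_ospf_header(pkt))
```

Run over sanitized captures, the `cleartext_key_on_wire` flag identifies routers still using simple-password authentication without the password being written to the audit output.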