Vulnerability Development mailing list archives
Re: RIPv1, v2 and OSFP exploits?
From: Sebastien Barbereau <sebastien.barbereau () FR EASYNET NET>
Date: Mon, 27 Nov 2000 10:40:55 +0100
I can't send you direct traces of what you want, but if you're really interested you should have a look at the "zebra" tool, which will help you set up some tests and get packet dumps. Also, I made some tests with nemesis-ospf but the crafted packets didn't seem correct (I probably forgot some options).

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On behalf of Curt Wilson
Sent: Saturday, 25 November 2000 18:18
To: VULN-DEV () SECURITYFOCUS COM
Subject: RIPv1, v2 and OSFP exploits?

Greetings. I apologize in advance if this is not the proper forum for this message.

I am currently researching security problems and intrusion detection for network devices and routing protocols. I've heard multiple references about RIP (especially v1) being wide open to route spoofing attacks, but have not actually seen detailed reference to these attacks in the wild. If anyone has any reference material this would be excellent. I am mostly looking for detailed material such as tcpdump or packet traces as well as screen captures of command line tools used to implement the spoof (for instance, nemesis-rip).

Since OSPF appears to have two options for authentication information (plaintext key and MD5), I am wondering if anyone knows to what degree the plaintext keys are chosen over the MD5. Perhaps some are concerned about a possible performance hit with the MD5 option. I'm trying to learn if OSPF passes the key in each HELLO message it sends to other routers, and would love to obtain some packet traces of OSPF traffic (sanitized, of course) if you have any.

The nemesis-ospf tool allows detailed packet crafting of an OSPF packet, but my knowledge of OSPF is not detailed enough to construct one on the fly. If I had some packet traces to work with I could perhaps gain further insight and test the tool with gated on my Linux boxes in my home network.

My knowledge of routing protocols is limited, so please excuse any errors in my reasoning process. Thanks for any assistance.

Curt Wilson
netw3.com Consulting
www.netw3.com
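An added example, not part of either post: a Python check for auditing packet traces that reads the OSPFv2 common header (RFC 2328, appendices A.3.1 and D) and reports which authentication type a router is using. With AuType 1 the 8-byte authentication field of every OSPF packet, Hello included, holds the configured key itself. The function name, the result keys and the sample packets are constructed for illustration.

```python
import struct

# OSPFv2 common header, 24 bytes: version, type, packet length, router ID,
# area ID, checksum, AuType, 8-byte authentication field.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
PKT_TYPES = {1: "Hello", 2: "DB Description", 3: "LS Request",
             4: "LS Update", 5: "LS Ack"}
AU_TYPES = {0: "null", 1: "simple-password", 2: "cryptographic"}


def audit_ospf_header(packet: bytes) -> dict:
    """Report the authentication mode of one OSPFv2 packet (IP header removed)."""
    if len(packet) < OSPF_HDR.size:
        raise ValueError("truncated OSPF header")
    version, ptype, _length, router_id, _area, _cksum, autype, auth = \
        OSPF_HDR.unpack_from(packet)
    if version != 2:
        raise ValueError(f"not OSPFv2 (version field is {version})")
    finding = {
        "type": PKT_TYPES.get(ptype, f"unknown({ptype})"),
        "router_id": ".".join(str(b) for b in router_id),
        "auth": AU_TYPES.get(autype, f"unknown({autype})"),
        # AuType 1: the 8-byte field is the shared key, readable by any sniffer.
        # The key is deliberately not copied into the report.
        "cleartext_key_on_wire": autype == 1,
    }
    if autype == 2:
        # AuType 2: the field holds 2 zero bytes, key ID, digest length and a
        # 32-bit sequence number; the digest is appended after the packet.
        _zero, key_id, digest_len, seq = struct.unpack("!HBBI", auth)
        finding.update(key_id=key_id, digest_len=digest_len, seq=seq)
    return finding


def _sample(ptype: int, autype: int, auth: bytes) -> bytes:
    """Build a constructed 24-byte header (router ID 10.0.0.1, area 0)."""
    return OSPF_HDR.pack(2, ptype, 44, bytes([10, 0, 0, 1]), bytes(4),
                         0, autype, auth)


# Constructed sample headers, not captured traffic.
SAMPLES = [
    _sample(1, 1, b"EXAMPLE\x00"),                        # Hello, simple password
    _sample(1, 2, struct.pack("!HBBI", 0, 1, 16, 1000)),  # Hello, MD5 digest
    _sample(4, 0, bytes(8)),                              # LS Update, no auth
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(audit_ospf_header(pkt))
```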