Vulnerability Development mailing list archives

Re: RIPv1, v2 and OSPF exploits?


From: Sebastien Barbereau <sebastien.barbereau () FR EASYNET NET>
Date: Mon, 27 Nov 2000 10:40:55 +0100


I can't send you direct traces of what you want but if you're really
interested you should have a look at the "zebra" tool which will help
you set up some tests and get packet dumps.
Also I made some tests with nemesis-ospf but the crafted packets
didn't seem correct (I probably forgot some options).


-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On behalf of Curt Wilson
Sent: Saturday, 25 November 2000 18:18
To: VULN-DEV () SECURITYFOCUS COM
Subject: RIPv1, v2 and OSPF exploits?

Greetings. I apologize in advance if this is not the 
proper forum for this message.

I am currently researching security problems and 
intrusion detection for network devices and routing 
protocols. I've heard multiple references about RIP 
(especially v1) being wide open to route spoofing 
attacks, but have not actually seen detailed reference 
to these attacks in the wild. If anyone has any 
reference material this would be excellent. I am 
mostly looking for detailed material such as tcpdump 
or packet traces as well as screen captures of 
command line tools use to implement the spoof (for 
instance, nemesis-rip).

Since OSPF appears to have two options for 
authentication information (plaintext key and MD5), I 
am wondering if anyone knows to what degree the 
plaintext keys are chosen over the MD5. Perhaps 
some are concerned about a possible performance 
hit with the MD5 option. I'm trying to learn if OSPF 
passes the key in each HELLO message it sends to 
other routers, and would love to obtain some packet 
traces of OSPF traffic (sanitized, of course) if you 
have any. 

The nemesis-ospf tool allows detailed packet crafting 
of an OSPF packet, but my knowledge of OSPF is 
not detailed enough to construct one on the fly. If I 
had some packet traces to work with I could perhaps 
gain further insight and test the tool with gated on my 
Linux boxes in my home network.

My knowledge of routing protocols is limited, so 
please excuse any errors in my reasoning process.

Thanks for any assistance.
Curt Wilson
netw3.com Consulting
www.netw3.com


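To make Curt's OSPF authentication question concrete (plaintext key versus MD5, and whether the key travels in each Hello), here is an added example that is not from either poster: it builds a constructed OSPFv2 Hello under each AuType as laid out in RFC 2328 and audits the result. The key, router ID and Hello fields are made-up sample values, and zero-padding a short key to 16 bytes for the MD5 digest is an assumption taken from common implementation practice.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not taken from any capture on this list).
KEY = b"s3cret"                      # 8-byte field for AuType 1, 16-byte key for MD5
ROUTER_ID = b"\x0a\x00\x00\x01"      # 10.0.0.1
AREA_0 = b"\x00\x00\x00\x00"
# Hello body: netmask, HelloInterval, Options, Rtr Pri, RouterDeadInterval, DR, BDR (no neighbours)
HELLO_BODY = struct.pack("!4sHBBI4s4s", b"\xff\xff\xff\x00", 10, 0x02, 1, 40, AREA_0, AREA_0)

def ospf_checksum(pkt: bytes) -> int:
    """One's-complement checksum with the checksum field zeroed and the 8-byte auth field skipped."""
    data = pkt[:12] + b"\0\0" + pkt[14:16] + pkt[24:]
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def md5_digest(pkt: bytes, key: bytes) -> bytes:
    """RFC 2328 D.4.3: MD5 over the packet followed by the key (zero-padded to 16 bytes, assumed)."""
    return hashlib.md5(pkt + key.ljust(16, b"\0")).digest()

def build_hello(autype: int, key: bytes, seq: int = 1) -> bytes:
    """OSPFv2 Hello with AuType 0 (none), 1 (simple password) or 2 (cryptographic/MD5)."""
    length = 24 + len(HELLO_BODY)
    if autype == 2:
        # Auth field carries reserved, Key ID, Auth Data Length, sequence number; checksum stays 0.
        auth = struct.pack("!HBBI", 0, 1, 16, seq)
        hdr = struct.pack("!BBH4s4sHH8s", 2, 1, length, ROUTER_ID, AREA_0, 0, 2, auth)
        return hdr + HELLO_BODY + md5_digest(hdr + HELLO_BODY, key)   # digest trails the packet
    auth = key.ljust(8, b"\0") if autype == 1 else b"\0" * 8          # password sits in the header
    hdr = struct.pack("!BBH4s4sHH8s", 2, 1, length, ROUTER_ID, AREA_0, 0, autype, auth)
    pkt = bytearray(hdr + HELLO_BODY)
    struct.pack_into("!H", pkt, 12, ospf_checksum(bytes(pkt)))
    return bytes(pkt)

def inspect_auth(pkt: bytes, key: bytes) -> dict:
    """Audit helper: which AuType a packet uses, whether the key is readable, whether it verifies."""
    _, _, length, _, _, csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    auth = pkt[16:24]
    if autype == 0:
        return {"auth": "none", "key_readable": False, "verified": csum == ospf_checksum(pkt)}
    if autype == 1:
        ok = csum == ospf_checksum(pkt) and hmac.compare_digest(auth, key.ljust(8, b"\0"))
        return {"auth": "simple-password", "key_readable": True, "verified": ok}
    _, key_id, dlen, seq = struct.unpack("!HBBI", auth)
    ok = hmac.compare_digest(pkt[length:length + dlen], md5_digest(pkt[:length], key))
    return {"auth": "md5", "key_id": key_id, "seq": seq, "key_readable": False, "verified": ok}
```

With AuType 1 the password bytes are present in every packet, Hellos included, so anyone who can capture the segment reads them; with AuType 2 only the key ID, sequence number and digest travel on the wire.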

