research-article

OSPF vulnerability to persistent poisoning attacks: a systematic analysis

Authors:

Yuval EloviciAuthors Info & Claims

ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference

Pages 336 - 345

https://doi.org/10.1145/2664243.2664278

Published: 08 December 2014 Publication History

Abstract

Open Shortest Path First (OSPF) is one of the most widely deployed interior gateway routing protocols on the Internet. The most common attack vector against OSPF is spoofing of routing advertisements on behalf of a remote router. OSPF employs a self-defense "fight-back" mechanism that quickly reverts the effects of such attacks. Nonetheless, some attacks that evade the fight-back mechanism have been discovered, making it possible to persistently falsify routing advertisements. This type of attacks are the most serious threat to a routing protocol since they allow an attacker to gain persistent control over how traffic is routed throughout the network. This shows that despite its maturity, the OSPF specification is not without security flaws and may have still-unknown vulnerabilities. In this work we systematically analyze -- manually and by formal verification -- the OSPF specification for additional vulnerabilities in the fight-back mechanism. Our analysis uncovered a fundamental security flaw in OSPF that allows a simple means for an attacker to evade the fight-back mechanism. Most major router vendors acknowledged the existence of this vulnerability in their products. Fortunately, our analysis strongly indicates that no other vulnerabilities in the fight-back mechanism are likely to exist.

References

[1]

Cisco IOS emualtor. http://dynagen.org/.

[2]

Full OSPF Model Implementation. http://pastebin.com/1stZJRhy.

[3]

Graphical network emulator. http://www.gns3.net.

[4]

Mikrotik Routers and Wireless. http://www.mikrotik.com/software.html.

[5]

Orna Grumberg Adi Sosnovich and Gabi Nakibly. Finding security vulnerabilities in a network protocol using parameterized systems. In Proceedings of CAV, 2013.

Digital Library

[6]

Satish Chandra, Patrice Godefroid, and Christopher Palm. Software model checking in practice: An industrial case study. In Proceedings of the 24th International Conference on Software Engineering, ICSE '02, pages 431--441, 2002.

Digital Library

[7]

Edmund Clarke, Daniel Kroening, and Flavio Lerda. A tool for checking ANSI-C programs. In Kurt Jensen and Andreas Podelski, editors, Tools and Algorithms for the Construction and Analysis of Systems, volume 2988, pages 168--176. 2004.

[8]

R. Coltun, D. Ferguson, J. Moy, and A. Lindem. OSPF for IPv6. IETF RFC 5340, July 2008.

[9]

Edsger. W. Dijkstra. A note on two problems in connexion with graphs. Numerische Mathematik, 1:269--271, 1959.

Digital Library

[10]

B. Fortz. On the evaluation of the reliability of OSPF routing in IP networks. Technical report, Institut d'administration et de gestion, 2001.

[11]

E. Jones and O. Le Moigne. OSPF Security Vulnerabilities Analysis. Internet-Draft draft-ietf-rpsec-ospf-vuln-02, IETF, June 2006.

[12]

Felix Lindner. Cisco IOS router exploitation. In Black Hat USA, 2009.

[13]

S. U. R. Malik, S. K. Srinivasan, S. U. Khan, and L. Wang. A methodology for OSPF routing protocol verification. In Proceedings of the 12th International Conference on Scalable Computing and Communications (ScalCom), 2012.

[14]

P. Matousek, J. Ráb, O. Rysavy, and M. Svéda. A formal model for network-wide security analysis. In Proceedings of ECBS 2008., pages 171--181, 2008.

Digital Library

[15]

J. Moy. OSPF version 2. IETF RFC 2328, April 1998.

[16]

Gabi Nakibly, Alex Kirshon, Dima Gonikman, and Dan Boneh. Persistent OSPF attacks. In Proceedings of NDSS, 2012.

[17]

Corina Pasareanu, Matthew Dwyer, and Michael Huth. Assume-guarantee model checking of software: A comparative case study. In Theoretical and Practical Aspects of SPIN Model Checking, volume 1680, pages 168--183. 1999.

Digital Library

[18]

Feiyi Wang, Brian Vetter, and Shyhtsun Felix Wu. Secure Routing Protocols: Theory and Practice. Technical report, North Carolina State U., May 1997.

[19]

S. F. Wu, H. C. Chang, F. Jou, F. Wang, F. Gong, C. Sargor, D. Qu, and R. Cleaveland. Jinao: Design and implementation of a scalable intrusion detection system for the OSPF routing protocol. ACM Transactions on Computer Systems, 2:251--273.

Cited By

Fu CLi QShen MXu K(2023)Frequency Domain Feature Based Robust Malicious Traffic DetectionIEEE/ACM Transactions on Networking10.1109/TNET.2022.319587131:1(452-467)Online publication date: Feb-2023
https://doi.org/10.1109/TNET.2022.3195871
Feng XLi QSun KYang YXu K(2023)Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179441(3162-3177)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179441
Darville CHöfner PIvankovic FPam A(2022)Advanced Models for the OSPF Routing ProtocolElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.355.2355(13-26)Online publication date: 21-Mar-2022
https://doi.org/10.4204/EPTCS.355.2
Show More Cited By

Index Terms

OSPF vulnerability to persistent poisoning attacks: a systematic analysis

Recommendations

An experimental study of insider attacks for OSPF routing protocol
ICNP '97: Proceedings of the 1997 International Conference on Network Protocols (ICNP '97)

It is critical to protect the network infrastructure (e.g., network routing and management protocols) against security intrusions, yet dealing with insider attacks are probably one of the most challenging research problems in network security. We study ...
Malicious JavaScript Insertion through ARP Poisoning Attacks

Details about ARP poisoning attacks as well as countermeasures have been known for years. Yet, most networks are still vulnerable to these attacks because they haven't implemented defenses. This article explains how ARP poisoning attacks work and ...
A framework to mitigate ARP sniffing attacks by cache poisoning

Today in the digital era of computing, most of the network attacks are caused by sniffing the sensitive data over the network. Among various types of sniffing attacks, ARP sniffing causes most of the LAN attacks wired and wireless LAN coexist. ARP ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ACSAC '14: Proceedings of the 30th Annual Computer Security Applications Conference

December 2014

492 pages

ISBN:9781450330053

DOI:10.1145/2664243

Conference Chairs:
Charles N. Payne
Adventium Labs
,
Adam Hahn
Washington State University
,
Program Chairs:
Kevin Butler
University of Florida
,
Micah Sherr
Georgetown University

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 December 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ACSAC '14

Sponsor:

ACSA

ACSAC '14: Annual Computer Security Applications Conference

December 8 - 12, 2014

Louisiana, New Orleans, USA

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
743
Total Downloads

Downloads (Last 12 months)55
Downloads (Last 6 weeks)7

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Fu CLi QShen MXu K(2023)Frequency Domain Feature Based Robust Malicious Traffic DetectionIEEE/ACM Transactions on Networking10.1109/TNET.2022.319587131:1(452-467)Online publication date: Feb-2023
https://doi.org/10.1109/TNET.2022.3195871
Feng XLi QSun KYang YXu K(2023)Man-in-the-Middle Attacks without Rogue AP: When WPAs Meet ICMP Redirects2023 IEEE Symposium on Security and Privacy (SP)10.1109/SP46215.2023.10179441(3162-3177)Online publication date: May-2023
https://doi.org/10.1109/SP46215.2023.10179441
Darville CHöfner PIvankovic FPam A(2022)Advanced Models for the OSPF Routing ProtocolElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.355.2355(13-26)Online publication date: 21-Mar-2022
https://doi.org/10.4204/EPTCS.355.2
Rao DTV R(2022)An Analysis of Label Distribution Protocol (LDP) Deficiencies2022 3rd International Conference for Emerging Technology (INCET)10.1109/INCET54531.2022.9824554(1-6)Online publication date: 27-May-2022
https://doi.org/10.1109/INCET54531.2022.9824554
Sawalmeh HMalayshi MAhmad SAwad A(2021)VPN Remote Access OSPF-based VPN Security Vulnerabilities and Counter Measurements2021 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT)10.1109/3ICT53449.2021.9581512(236-241)Online publication date: 29-Sep-2021
https://doi.org/10.1109/3ICT53449.2021.9581512
Drury JHöfner PWang W(2020)Formal Models of the OSPF Routing ProtocolElectronic Proceedings in Theoretical Computer Science10.4204/EPTCS.316.4316(72-120)Online publication date: 26-Apr-2020
https://doi.org/10.4204/EPTCS.316.4
Al-Musawi BBranch PHassan MPokhrel S(2020)Identifying OSPF LSA falsification attacks through non-linear analysisComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2019.107031167:COnline publication date: 11-Feb-2020
https://dl.acm.org/doi/10.1016/j.comnet.2019.107031
Meredith RDutta R(2019)Increasing Network Resilience to Persistent OSPF AttacksICC 2019 - 2019 IEEE International Conference on Communications (ICC)10.1109/ICC.2019.8761838(1-7)Online publication date: May-2019
https://doi.org/10.1109/ICC.2019.8761838
Devir NGrumberg OMarkovitch SNakibly G(2019)Topology-Agnostic Runtime Detection of OSPF Routing Attacks2019 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS.2019.8802826(277-285)Online publication date: Jun-2019
https://doi.org/10.1109/CNS.2019.8802826
Robbins D(2018)Using Protocol Redundancy to Enhance OSPF Network System SurvivabilitySoutheastCon 201810.1109/SECON.2018.8479134(1-7)Online publication date: Apr-2018
https://doi.org/10.1109/SECON.2018.8479134
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents