From: Xiaoyong Wu (xiaoyong.wu@gmail.com)
Date: Wed Jan 03 2007 - 23:46:08 EST
I was involved in one of DARPA projects called JiNao which was an
intrusion detection system for network architectures. There are
several papers on this project that might be helpful.
Here are some of them with some information regarding OSPF issues and attacks:
http://citeseer.ist.psu.edu/jou00design.html
http://citeseer.ist.psu.edu/387416.html
Regards,
-Xiaoyong
On 1/3/07, Nikolaj <lorddoskias@gmail.com> wrote:
> dhess@na.cokecce.com wrote:
> >
> > With this password you could create an OSPF neighbor on the target
> > network and pollute the route table in whatever fashion you wish... you
> > could begin routing traffic through you to do packet capture and
> > analysis or you could route traffic to a black hole, thereby creating a
> > DOS. Best practice is to use MD5 hashing for OSPF passwords.
> >
> > Dennis
> >
> >
> >
> > *Nikolaj <lorddoskias@gmail.com>*
> > Sent by: listbounce@securityfocus.com
> >
> > 01/03/2007 06:07 AM
> >
> >
> > To
> > pen-test@securityfocus.com
> > cc
> >
> > Subject
> > Possible hi-jacking of ospf chain.
> >
> >
> >
> >
> >
> >
> >
> >
> > Hello,
> >
> >
> > Happy New Year to everyone, that's first. :)
> >
> > I'm observing the traffic flow in my network and I see some strange
> > behavior with the OSPF packets. All of them contain plain-text password.
> > I was wondering whether it was possible to join the OSPF chain and
> > route the traffic to /dev/null let's say and thus render the network
> > traffic unavailable? Or what can be done with this password? It's in the
> > OSPF LS Acknowledge and OSPF Hello packet.
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> >
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> >
> >
>
> Very interesting. I'm talking about a network based on the open-source
> package quagga. Can you give some links to paper that describe possible
> attaks, or the best way is to download and install quagga on my machine
> and start playing with the router tables?
>
> Regards.
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:31 EDT