Kamis, 22 Maret 2007

OSPF Attacks

Last night, i tried to play around with a very basic OSPF configuration and the below depicts my config. Its the simplest form of OSPF configuration without any authentication.



The other night i was talking about OSPF and the ability that this protocol is able to divulge a lot of information by sniffing from the network that uses OSPF. If you have physical access to the router, you could also issue commands like show ip ospf , show ip ospf database and some other show ip ospf commands.

OSPF HELLO packets are sent every 10-30 seconds and routing updates are sent every 30 minutes. The hello packets are the ones with the most juicy info. Some of them are Router ID, Area ID, Designated Router, Authentication, etc..Well, so far i had only know that injection of malicious route and Man-in-the-Middle attacks is possible. Once a successfully neighbor relationship establishes between DR and BDR, all traffic can be directed to the newly inserted route before passing all other routes. For more reference on how this can be done, please see below:

http://www.gomor.org/cgi-bin/ospfash.pl?mode=view;page=it_underground_2007

0 komentar:

Posting Komentar