[50889] in North American Network Operators' Group
Re: Routing Protocol Security
daemon@ATHENA.MIT.EDU (dylan@juniper.net)
Tue Aug 13 17:14:35 2002
From: dylan@juniper.net
Date: Mon, 12 Aug 2002 18:13:13 -0400
To: senthil ayyasamy <mplsgeek@yahoo.com>
Cc: nanog@merit.edu
In-Reply-To: <20020813205550.55570.qmail@web20803.mail.yahoo.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Aug 13, 2002 at 01:55:50PM -0700, senthil ayyasamy wrote:
> > Can any of you cite cases where an attack has been
> > carried out against a
> > network's routing protocol (BGP or OSPF in
> > particular)?
>
> I heard people talking about a DoS (not DDoS) attack
> from your neighbor peer router that overflows your
> routing table with too much data. I am not aware of
> any DDoS on routing packets(?). There are chances for
> man-in-the-middle attacks between BGP sessions. The question
> is how much the crypto-based security mechanisms like
> MD5 help prevent routing vulnerabilities. But, I
> guess misconfiguration can also be considered as a
> reason behind many vulnerabilities.
Senthil,

Hi there..

Agreed, I think there are two major classifications you can lump things
under; exploitation of a weak router / misconfiguration to manipulate a
legitimate speaker's advertisements, OR a 3rd party box somehow
manipulating a routing protocol between other devices. (Using something
like nemesis, etc..)

While tools like nemesis and other scripts are out there, and perfectly
capable of forging/manipulating routing protocol packets, how common is
this?

Of the problems folks have run into, are they more often the result of a
legitimate speaker being compromised & playing with advertisements
somehow (and getting through filters that may or may not be present), or
from devices actually spoofing their way into the IGP/EGP? Are there
any specific attacks anyone is aware of & can share?

..Dylan
--
, Dylan Greene ,
+ Juniper Networks +
+ +1 617/407-6254 +
` dylan@juniper.net '