open shortest path first
play

OPEN SHORTEST PATH FIRST How to take advantage of routing protocols - PowerPoint PPT Presentation

Nov 05, 2022 •130 likes •495 views

PWN OPEN SHORTEST PATH FIRST How to take advantage of routing protocols 1 ABOUT ME Studied network and security at the Technical University of Troyes (France) Working at WienCERT (Stadt-Wien) 2 AGENDA What is a routing protocol? How to

  1. PWN OPEN SHORTEST PATH FIRST How to take advantage of routing protocols 1

  2. ABOUT ME Studied network and security at the Technical University of Troyes (France) Working at WienCERT (Stadt-Wien) 2

  3. AGENDA What is a routing protocol? How to use a vulnerable configuration? Consequences and how to avoid it. 3

  4. WHAT IS A ROUTING PROTOCOL 4 Photo courtesy of Dawson Construction Co. BP Refinery project

  5. ROUTING IN IP NETWORKS IP Networks & Masks IP Network Mask 10.0.0.9/29 10.0.0.8 255.255.255.248 5

  6. ROUTING IN IP NETWORKS IP: 192.168.42.1/24 Network Gateway 10.0.0.0/8 R1 10.0.0.0/24 R2 0.0.0.0 R3 To reach 10.0. 0.1 ⇒ GW R2 To reach 10.0. 1.1 ⇒ GW R1 To reach 192.168.1.1 ⇒ GW R3 6

  7. HISTORICAL ROUTING All routers controlled by the same administrative authority Security wasn’t really a preoccupation Internet grew to fast to implement security changes 7

  8. WHAT IS A ROUTING PROTOCOL? Share routes through the network in an automated way IGP vs. EGP link-state vs. distance-vector 8

  9. OSPF: A ROUTING PROTOCOL Interior Gateway Protocol Multicast (224.0.0.5 or FF02::5) Link-State Protocol ⇒ Keep state with UPDATE packets Encapsulated directly in IP (protocol 89) 9

  10. Network Bravo Network A R1 Network C R3 Network B R2 Network C R3 OSPF Network Charlie Network Alpha DYNAMIC ROUTING 10

  11. HOW TO EXPLOIT A VULNERABLE CONFIGURATION 11 bit.ly/1vkWpOP

  12. MULTIPLE VULNERABILITIES Old protocol (last RFC in 1998) Information sent in clear text … 12

  13. OSPF HEADER 13

  14. MULTIPLE VULNERABILITIES II Standard configuration of routers ⇒ Clear text auth ⇒ add router to the network ⇒ and then add new routes to the protocol 14

  15. DYNAMIC ROUTING Network Bravo Network Charlie Network Alpha 15

  16. DYNAMIC ROUTING Network Bravo Network Charlie Network Alpha NewR Illegal Network 16

  17. DYNAMIC ROUTING Network Bravo Network A R1 Network C R3 Illegal Net. R3 Network Charlie Network Alpha NewR Network A R1 Network B R2 Illegal Network Network B R2 Network C R3 Illegal Net NewR Illegal Net. R3 17 17

  18. CONSEQUENCES Re-route internal IP-traffic Manipulate connections (DNS, DHCP , …) Reroute external IPs to internal servers 18

  19. WHAT ABOUT OTHER PROTOCOLS? 19

  20. EIGRP Distance-Vector Cisco Routing Protocol 20

  21. RIPv2 Distance-Vector Routing Protocol 21

  22. BGP Exterior Gateway Protocol This vulnerability is not applicable Neighboring required to route 22

  23. TOOLS Wireshark Nemesis Loki IP Sorcery Cain&Abel Quagga Net Dude Scapy (contrib module; no md5) Collasoft NRL Core IRPAS 23

  24. HOW TO AVOID MIS-CONFIGURATION 24 http://bit.ly/1uG7Oak

  25. CONFIGURATION Know your routers! Review your configuration periodically Limit the scope of your routing protocol Test your configuration 25

  26. JUNOS EXAMPLE # show protocols ospf area 0.0.0.0 interface vlan.1 { retransmit-interval 5; hello-interval 2; dead-interval 10; authentication { md5 1 key "mypassword"; } } interface ge-0/0/1.0 { passive ; } 26

  27. QUAGGA EXAMPLE router ospf ospf router-id 10.0.0.1 # network 10.1.2.0/24 area 0 network 10.2.4.0/24 area 0 passive-interface eth0:1 # redistribute kernel redistribute connected redistribute static default-information originate # 27

  28. CISCO EXAMPLE router ospf 1 router-id 10.0.0.1 log-adjacency-changes area 10.0.0.20 authentication redistribute connected metric 50 subnets redistribute static subnets passive-interface default no passive-interface FastEthernet0 network 10.11.12.0 0.0.0.255 area 20 network 192.168.42.0 0.0.0.255 area 20 28

  29. CISCO EXAMPLE interface FastEthernet0 ip address 10.0.0.1 255.255.255.0 ip ospf authentication message-digest ip ospf authentication-key P4ssW0rd ip ospf 1 area 10.0.0.20 duplex auto speed auto 29

  30. CISCO EXAMPLE 30

  31. PATCH MANAGEMENT Patch your network devices Learn about new protocol (OSPFv3 w/ AH&ESP) Use the new protocols 31

  32. OTHER VULNERABILITIES? Spoofed LSA (CVE-2013-0149) 32

  33. CONCLUSION Consider Routing as a critical asset Monitor your network Audit your network periodically 33

  34. SPECIAL THANKS WienCERT PGP-Key: 9B2C C43A 0B5A 6269 A438 A1FC 07FA F5B9 948A D027 34

  35. CONTACT louis@durufle.eu @louisdurufle 35

  36. REFERENCES IP RFC https://tools.ietf.org/html/rfc791 OSPF v2 RFC http://tools.ietf.org/html/rfc2328 OSPF for IPv6 RFC http://tools.ietf.org/html/rfc5340 “An Experimental Study of Insider Attacks for the OSPF Routing Protocol” Brian Vetter, Feiyi Wang, S. Felix Wu (1997) “Persistent OSPF Attacks” Gabi Nakibly and al. http://crypto.stanford.edu/~dabo/pubs/papers/ ospf.pdf “OSPF Security Project” Michael Sudkovitch and David I. Roitman, http:// webcourse.cs.technion.ac.il/236349/Spring2013/ho/WCFiles/2009-2-ospf-report.pdf Scapy OSPF Module https://raw.githubusercontent.com/d1b/scapy/master/scapy/contrib/ospf.py 36

Recommend

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable

Lab Course RouterLab Open Shortest Path First (OSPF) Miscellaneous Don't set enable passwords on Cisco router ... OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC 2328 Working

383 views • 24 slides
OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specification publicly available RFC 1247, RFC 2328 Working group formed in 1988 Goals: Large, heterogeneous internetworks Uses the Link State algorithm Topology map at each

395 views • 36 slides
OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC

OSPF (Open Shortest Path First) Open: specifjcation publicly available RFC 1247, RFC 2328 Working group formed in 1988 Goals: Large, heterogeneous internetworks Uses the Link State algorithm T opology map at each

772 views • 39 slides
4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house

4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house

4.4 Shortest Paths in a Graph shortest path from Princeton CS department to Einstein's house Shortest Path Problem Shortest path network. Directed graph G = (V, E). Source s, destination t. Length e = length of edge e. Shortest

226 views • 6 slides
TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD

TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD

TEDI: Efficient Shortest Path Query Answering on Graphs Fang Wei University of Freiburg SIGMOD 2010 Applications Shortest Path Queries A shortest path query on a(n) (undirected) graph finds the shortest path for the given source and target

678 views • 33 slides
Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest

Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest

Outline and Reading Weighted graphs (7.1) Shortest Paths Shortest path problem Shortest path properties Dijkstras algorithm (7.1.1) 0 A 4 8 Algorithm 2 8 2 3 Edge relaxation 7 1 B C D The Bellman-Ford

348 views • 4 slides
Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come

Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come

Lab Course RouterLab OSPF - Open Shortest Path First (RFC 2328) Some of the slides come from: http://www.ietf.org/proceedings/07dec/slides/IDRTut-0.pdf 1 Miscellaneous Anything that needs discussion? OSPF 2 Internet Routing

690 views • 20 slides
Parallel shortest-path route planning on real-world road networks: SP over graph processing and

Parallel shortest-path route planning on real-world road networks: SP over graph processing and

Parallel shortest-path route planning on real-world road networks: SP over graph processing and GNN based SP R244: Large Scale Data Processing and Optimisation Open Source Project Claire Cofgey Motivation - Fast shortest-path computations on

78 views • 7 slides
Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw ,

Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw ,

Shortest Paths Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw , find shortest path from node s to node t. allow negative weights Ex. Nodes represent agents in a financial setting and c vw is cost of transaction

394 views • 11 slides
Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E )

Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E )

Finding Shortest Paths Shortest Path Problem Shortest Path Problem Given a graph G = ( V , E ) and an edge weight function : V R . Length of a Path The length or weight ( P ) of a path P = { v 1 , v 2 , . . . , v l } with at least two

347 views • 24 slides
Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V ,

Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V ,

Finding Shortest Paths Shortest Path Problem Shortest Path Problem We are given a graph G = ( V , E ) and an edge weight function : E R . Length of a Path The length or weight ( P ) of a path P = { v 1 , v 2 , . . . , v l } with at

495 views • 20 slides
ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31:

ECE 242 Data Structures Lecture 31 Shortest Path Algorithms November 30, 2009 ECE242 L31: Shortest Path Algorithms Single Source Shortest Path Problem Single source shortest path problem Find the shortest path to all other nodes from a

216 views • 11 slides
Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest

Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest

Shortest Paths with Arbitrary Edge Weights Cormen et. al.24.1 Shortest Path Problem Shortest path problem. Given a directed graph G = (V, E), with edge weights c vw , find shortest path from node s to node t. Th This is t tim ime w we a

302 views • 13 slides
Shortest Paths Shortest Paths path between two given vertices path between two given vertices

Shortest Paths Shortest Paths path between two given vertices path between two given vertices

Shortest Path Introduction to Algorithms Introduction to Algorithms Given a weighted directed graph one Given a weighted directed graph, one common problem is finding the shortest Shortest Paths Shortest Paths path between two given

431 views • 16 slides
Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length

Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length

Dijkstra s Algorithm Shortest Path Problem Directed graph G = (V , E) Source s l e = length of edge e l e 0 for all edges e Shortest path problem: (Google Maps!) find shortest path from s to all other nodes 1 a c 2 3 1 1 1 e

882 views • 18 slides
Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse

Design of capacitated networks with unsplittable shortest path routing Andreas Bley Zuse Institute Berlin (ZIB) Overview Practical background: Internet = shortest path routing Properties of unsplittable shortest path systems Integer

460 views • 17 slides
Network layer The Dijkstra Algorithm or Dijkstras Shortest Path First Algorithm Non-Adaptive

Network layer The Dijkstra Algorithm or Dijkstras Shortest Path First Algorithm Non-Adaptive

IN2140: Introduction to Operating Systems and Data Communication Network layer The Dijkstra Algorithm or Dijkstras Shortest Path First Algorithm Non-Adaptive Routing Shortest Path Routing Non-Adaptive Shortest Path Routing Static

393 views • 13 slides
Single Source Shortest Path A directed graph G = ( V, E ) and a pair of nodes s, d is given. The

Single Source Shortest Path A directed graph G = ( V, E ) and a pair of nodes s, d is given. The

Single Source Shortest Path A directed graph G = ( V, E ) and a pair of nodes s, d is given. The edges have a real-valued weight W i . This time we are looking for the weight and the shortest path from s to d . The weight of the shortest path

690 views • 22 slides
Chapter 3: Configuring the Open Shortest Path First Protocol CCNP-RS ROUTE Ali Aydemir

Chapter 3: Configuring the Open Shortest Path First Protocol CCNP-RS ROUTE Ali Aydemir

Chapter 3: Configuring the Open Shortest Path First Protocol CCNP-RS ROUTE Ali Aydemir Chapter 3 Objectives Describe OSPF terminology and operation within various enterprise environments. Describe the function and operation of

2.11k views • 199 slides
CMSC 132: Object-Oriented Programming II Single Source Shortest Path Algorithm Department of

CMSC 132: Object-Oriented Programming II Single Source Shortest Path Algorithm Department of

CMSC 132: Object-Oriented Programming II Single Source Shortest Path Algorithm Department of Computer Science University of Maryland, College Park Single Source Shortest Path Common graph problems Problem1 Find path from X to Y with

225 views • 21 slides
CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1

CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1

CSE 421 Longest Path in a DAG, LIS, Shortest Path with Negative Weights Shayan Oveis Gharan 1 Longest Path in a DAG Longest Path in a DAG Goal: Given a DAG G, find the longest path. Recall: A directed graph G is a DAG if it has no cycle.

571 views • 23 slides
Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6

Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6

Example Shortest Path Problems 8 6 2 1 1 3 3 1 16 7 5 Directed weighted graph. 6 4 10 4 Path length is sum of weights of edges on path. 2 4 7 7 5 3 The vertex at which the path begins is the source vertex. 14

237 views • 4 slides
Shortest Paths Todays announcements: PA3 due 29 Nov 23:59 Final Exam, 10 Dec 12:00,

Shortest Paths Todays announcements: PA3 due 29 Nov 23:59 Final Exam, 10 Dec 12:00,

Shortest Paths Todays announcements: PA3 due 29 Nov 23:59 Final Exam, 10 Dec 12:00, OSBO A Todays Plan: Dijkstras shortest path algorithm 22 7 3 10 s 4 6 8 10 12 4 5 8 7 16 12 8 4 0 Find the shortest path

243 views • 6 slides
Weighted Graph Algorithms Weighted shortest path problem Dijkstras algorithm (single

Weighted Graph Algorithms Weighted shortest path problem Dijkstras algorithm (single

Weighted Graph Algorithms Weighted shortest path problem Dijkstras algorithm (single source, non negative edge weight) All pairs shortest path Warshalls algorithm Definition of a path Consider a directed graph

455 views • 10 slides

More recommend