Re: [OSPF] OSPF - Owning the Routing Table Attack

Uma Chunduri <uma.chunduri@ericsson.com> Fri, 02 August 2013 17:19 UTC

Return-Path: <uma.chunduri@ericsson.com>
X-Original-To: ospf@ietfa.amsl.com
Delivered-To: ospf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ECB9B21E80C2 for <ospf@ietfa.amsl.com>; Fri, 2 Aug 2013 10:19:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ERS7Nty3-4eh for <ospf@ietfa.amsl.com>; Fri, 2 Aug 2013 10:19:32 -0700 (PDT)
Received: from usevmg21.ericsson.net (usevmg21.ericsson.net [198.24.6.65]) by ietfa.amsl.com (Postfix) with ESMTP id 2C56921F9E51 for <ospf@ietf.org>; Fri, 2 Aug 2013 10:19:32 -0700 (PDT)
X-AuditID: c6180641-b7f986d000007a82-43-51fbea1c2412
Received: from EUSAAHC003.ericsson.se (Unknown_Domain [147.117.188.81]) by usevmg21.ericsson.net (Symantec Mail Security) with SMTP id 99.CF.31362.C1AEBF15; Fri, 2 Aug 2013 19:19:24 +0200 (CEST)
Received: from EUSAAMB105.ericsson.se ([147.117.188.122]) by EUSAAHC003.ericsson.se ([147.117.188.81]) with mapi id 14.02.0328.009; Fri, 2 Aug 2013 13:19:24 -0400
From: Uma Chunduri <uma.chunduri@ericsson.com>
To: Glen Kent <glen.kent@gmail.com>, "ospf@ietf.org" <ospf@ietf.org>
Thread-Topic: [OSPF] OSPF - Owning the Routing Table Attack
Thread-Index: AQHOj58i/36FKErcrkCmoibJVlArvpmCKN1g
Date: Fri, 2 Aug 2013 17:19:23 +0000
Message-ID: <1B502206DFA0C544B7A604691520086317449883@eusaamb105.ericsson.se>
References: <CAPLq3UNWoff2pSe9fkWsBmfW3b-CfKe9iUiPMWBNZKe=jXn0KQ@mail.gmail.com>
In-Reply-To: <CAPLq3UNWoff2pSe9fkWsBmfW3b-CfKe9iUiPMWBNZKe=jXn0KQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [155.53.73.25]
Content-Type: multipart/alternative; boundary="_000_1B502206DFA0C544B7A604691520086317449883eusaamb105erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrBLMWRmVeSWpSXmKPExsUyuXRPoK7Mq9+BBrva5Cz2nHjPYtFy7x67 A5PHzll32T2WLPnJFMAUxWWTkpqTWZZapG+XwJVxcNcf9oIV0hVrt7SzNTA2SXQxcnJICJhI 9G6dzgJhi0lcuLeerYuRi0NI4CijxNdTb6CcZYwS279uYASpYhPQk/g49Sc7iC0i4CLx+fR0 MFtYwEriw/oFTF2MHEBxa4nn8/0gSowk7hx6AtbKIqAisX/9JmYQm1fAV2LVyptgrUICARJb ew6AtXIKBEqsbBYCCTMC3fP91BomEJtZQFzi1pP5TBB3Ckgs2XOeGcIWlXj5+B8rhK0gsbVt O1R9vsTjw1fYIVYJSpyc+YRlAqPILCSjZiEpm4WkDCKuI7Fg9yc2CFtbYtnC18ww9pkDj5mQ xRcwsq9i5CgtTi3LTTcy3MQIjJ1jEmyOOxgXfLI8xCjNwaIkzrtB70ygkEB6YklqdmpqQWpR fFFpTmrxIUYmDk6pBkaT/DPVDeKpAixvm7c5JOj/FNlyTT3rxmW2g6I7vFfeyoztTF1z5q77 x2abm2L3aybM0Dt4xehmk+qJMPmb3/a4VNX3HqxKvJmx6uuJRWoZy5S9uLeouW+oL1jd+kNK KLaMpeqJ4yWVEl3Ztb9nJGi9+hVQq6Xwwj/R3C6ovH7dzNbzAf+MOZRYijMSDbWYi4oTAQ9y XP1rAgAA
Subject: Re: [OSPF] OSPF - Owning the Routing Table Attack
X-BeenThere: ospf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: The Official IETF OSPG WG Mailing List <ospf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ospf>, <mailto:ospf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ospf>
List-Post: <mailto:ospf@ietf.org>
List-Help: <mailto:ospf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ospf>, <mailto:ospf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Aug 2013 17:19:38 -0000

Remembered comments about this in SAAG.

If authentication shared secrets are compromised (insider attack) you can envision all sorts of issues.

If this is still considered serious consider changing keys or use a key management protocol (hope there will be one defined) to do this periodically!


--
Uma C.



________________________________
From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Glen Kent
Sent: Friday, August 02, 2013 9:41 AM
To: ospf@ietf.org
Subject: [OSPF] OSPF - Owning the Routing Table Attack

Hi,

Does anybody have details on what this OSPF vulnerability is?

https://www.blackhat.com/us-13/briefings.html#Nakibly

Glen