Re: [OSPF] OSPF - Owning the Routing Table Attack

Mitchell Erblich <erblichs@earthlink.net> Fri, 02 August 2013 17:51 UTC

From: Mitchell Erblich <erblichs@earthlink.net>
Date: Fri, 02 Aug 2013 10:51:38 -0700
To: Glen Kent <glen.kent@gmail.com>
Cc: OSPF List <ospf@ietf.org>
Subject: Re: [OSPF] OSPF - Owning the Routing Table Attack

Glen,

	I don't know if this will get to the general mailing list, so you can forward if you want.

	First, the most general rule is that, to be secure, all components must be "Trusted". Within the Internet this is very difficult unless..

	Within Ethernet, within OSPF, we have two major bottlenecks: the DR and the BDR. Thus, for a new entity to become a DRother, BOTH of those must authenticate it.

	Thus no vulnerability exists if authentication support exists and this future possible DRother fails authentication.

	Mitchell Erblich

	


Begin forwarded message:

> From: Glen Kent <glen.kent@gmail.com>
> Subject: [OSPF] OSPF - Owning the Routing Table Attack
> Date: August 2, 2013 9:41:01 AM PDT
> To: "ospf@ietf.org" <ospf@ietf.org>
> 
> Hi,
> 
> Does anybody have details on what this OSPF vulnerability is?
> 
> https://www.blackhat.com/us-13/briefings.html#Nakibly
> Glen
> 
Begin forwarded message:

> From: Uma Chunduri <uma.chunduri@ericsson.com>
> Subject: Re: [OSPF] OSPF - Owning the Routing Table Attack
> Date: August 2, 2013 10:19:23 AM PDT
> To: Glen Kent <glen.kent@gmail.com>, "ospf@ietf.org" <ospf@ietf.org>
> 
> Remembered comments about this in SAAG.
>  
> If authentication shared secrets are compromised (insider attack) you can envision all sorts of issues.
>  
> If this is still considered serious, consider changing keys or using a key management protocol (hope there will be one defined) to do this periodically!
>  
> -- 
> Uma C.
> 
>  
> 
> From: ospf-bounces@ietf.org [mailto:ospf-bounces@ietf.org] On Behalf Of Glen Kent
> Sent: Friday, August 02, 2013 9:41 AM
> To: ospf@ietf.org
> Subject: [OSPF] OSPF - Owning the Routing Table Attack
> 
> Hi,
> 
> Does anybody have details on what this OSPF vulnerability is?
> 
> https://www.blackhat.com/us-13/briefings.html#Nakibly
> Glen
> 
> _______________________________________________
> OSPF mailing list
> OSPF@ietf.org
> https://www.ietf.org/mailman/listinfo/ospf
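
The replies above turn on OSPF authentication and on what it can no longer tell apart once a shared secret is known to more parties than intended. As an added example (not written by anyone in this thread), the Python below checks OSPFv2 cryptographic authentication as laid out in RFC 2328 Appendix D; the key, the router IDs and the per-router sequence table are constructed for illustration.

```python
import hashlib
import hmac
import struct

# OSPFv2 header with the AuType 2 authentication field (RFC 2328 A.3.1, D.3)
OSPF_HDR = struct.Struct("!BBHIIHHHBBI")
AUTYPE_CRYPTO, MD5_LEN = 2, 16

def _digest(packet: bytes, key: bytes) -> bytes:
    # MD5 over the OSPF packet followed by the key padded to 16 bytes
    return hashlib.md5(packet + key.ljust(MD5_LEN, b"\0")[:MD5_LEN]).digest()

def build_packet(router_id, area_id, key_id, seq, key, body=b"", ptype=1):
    """Construct a crypto-authenticated packet (sample input for the demo)."""
    length = OSPF_HDR.size + len(body)  # packet length excludes the digest
    hdr = OSPF_HDR.pack(2, ptype, length, router_id, area_id, 0,
                        AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq)
    return hdr + body + _digest(hdr + body, key)

def verify_packet(raw, keyring, last_seq):
    """keyring: key ID -> secret; last_seq: router ID -> last accepted
    sequence number (keyed by router ID here as a simplifying assumption)."""
    if len(raw) < OSPF_HDR.size:
        return "truncated"
    (ver, _type, length, rid, _area, _cksum, autype,
     _zero, key_id, alen, seq) = OSPF_HDR.unpack_from(raw)
    if ver != 2 or autype != AUTYPE_CRYPTO:
        return "not cryptographic authentication"
    if alen != MD5_LEN or length < OSPF_HDR.size or len(raw) != length + alen:
        return "bad length"
    key = keyring.get(key_id)
    if key is None:
        return "unknown key id"
    if seq < last_seq.get(rid, 0):
        return "replayed sequence number"
    if not hmac.compare_digest(_digest(raw[:length], key), raw[length:]):
        return "digest mismatch"
    last_seq[rid] = seq
    return "ok"

def demo():
    secret = b"constructed-key"            # constructed shared secret
    keyring, seen = {1: secret}, {}
    known, other = 0x0A000001, 0x0A000063  # constructed router IDs
    return [
        verify_packet(build_packet(known, 0, 1, 100, secret), keyring, seen),
        verify_packet(build_packet(other, 0, 1, 5, b"guess"), keyring, seen),
        verify_packet(build_packet(other, 0, 1, 5, secret), keyring, seen),
        verify_packet(build_packet(known, 0, 1, 99, secret), keyring, seen),
    ]
```

The third result is the one the thread is about: a sender that holds the shared secret verifies exactly like a legitimate neighbor, so the check proves possession of the key and nothing more.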