[OSPF] Dropping malformed LSAs (was: OSPF - Owning the Routing Table Attack)
David Lamparter <equinox@diac24.net> Sun, 04 August 2013 13:06 UTC
On Fri, Aug 02, 2013 at 10:11:01PM +0530, Glen Kent wrote:
> Does anybody have details on what this OSPF vulnerability is?
>
> https://www.blackhat.com/us-13/briefings.html#Nakibly

As people may have noticed by now (the embargo on providing details has expired as the talk was presented), this issue consists of Router LSAs where the Router ID is different from the Link State ID. As such, this attack is implementable from any router in an OSPF area against any other router in the OSPF.

(Quite honestly, IMHO this is seriously far fetched. If your control plane got compromised this far you have other problems.)

While Quagga is unaffected by this, we've implemented a warning. We're also considering dropping the LSA outright, but I'm somewhat split on that (tilted towards dropping). I'd be interested if the WG has comments on that?

-David
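The check discussed in the message above, as an added example that is not part of the original post and is not Quagga's code: it parses the 20-byte LSA header (RFC 2328, A.4.1) and compares the Link State ID of a Router-LSA with its Advertising Router field, returning either a warning or a drop verdict. All function names, the `strict` switch and the sample headers are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LSA_HDR_LEN     20  /* fixed LSA header size (RFC 2328, A.4.1) */
#define LSA_TYPE_ROUTER 1
enum lsa_verdict { LSA_ACCEPT, LSA_WARN, LSA_DROP };

struct lsa_hdr {            /* host-order copy of the fields checked here */
    uint8_t  type;
    uint32_t ls_id;         /* Link State ID */
    uint32_t adv_router;    /* Advertising Router = originator's Router ID */
    uint16_t length;        /* total LSA length, header included */
};

/* Constructed samples: header only, checksum zeroed (not verified here). */
static const uint8_t lsa_good[20] = {0,1, 2, 1, 10,0,0,1, 10,0,0,1, 0x80,0,0,1, 0,0, 0,20};
static const uint8_t lsa_bad[20]  = {0,1, 2, 1, 10,0,0,2, 10,0,0,1, 0x80,0,0,1, 0,0, 0,20};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns 0 on success, -1 if the buffer is truncated or the length field lies. */
int lsa_parse_hdr(const uint8_t *buf, size_t len, struct lsa_hdr *h) {
    if (len < LSA_HDR_LEN) return -1;
    h->type = buf[3];
    h->ls_id = be32(buf + 4);
    h->adv_router = be32(buf + 8);
    h->length = (uint16_t)((buf[18] << 8) | buf[19]);
    return (h->length < LSA_HDR_LEN || h->length > len) ? -1 : 0;
}

/* strict = 0: log only (the warning policy); strict != 0: drop the LSA. */
enum lsa_verdict lsa_check_router_id(const uint8_t *buf, size_t len, int strict) {
    struct lsa_hdr h;
    if (lsa_parse_hdr(buf, len, &h) != 0) return LSA_DROP;
    if (h.type != LSA_TYPE_ROUTER || h.ls_id == h.adv_router) return LSA_ACCEPT;
    fprintf(stderr, "Router-LSA: Link State ID %08x != Advertising Router %08x\n",
            (unsigned)h.ls_id, (unsigned)h.adv_router);
    return strict ? LSA_DROP : LSA_WARN;
}

int main(void) {
    printf("good: %d\n", lsa_check_router_id(lsa_good, sizeof lsa_good, 1));
    printf("bad (warn): %d\n", lsa_check_router_id(lsa_bad, sizeof lsa_bad, 0));
    printf("bad (drop): %d\n", lsa_check_router_id(lsa_bad, sizeof lsa_bad, 1));
    return 0;
}
```

Only Router-LSAs (type 1) are compared; for other LSA types the Link State ID has a different meaning, so they pass through this check untouched.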