nanog mailing list archives

Re: Routing Protocol Security


From: dylan () juniper net
Date: Mon, 12 Aug 2002 18:13:13 -0400



On Tue, Aug 13, 2002 at 01:55:50PM -0700, senthil ayyasamy wrote:

Can any of you cite cases where an attack has been carried out against a
network's routing protocol (BGP or OSPF in particular)?

I heard people talking about a DoS (not DDoS) attack from your neighbor
peer router that overflows your routing table with too much data. I am
not aware of any DDoS on routing packets(?). There are chances for
man-in-the-middle attacks between BGP sessions. The question is how much
the crypto-based security mechanisms like MD5 help prevent routing
vulnerabilities. But, I guess misconfiguration can also be considered as
a reason behind many vulnerabilities.

Senthil,

Hi there..

Agreed, I think there are two major classifications you can lump things
under; exploitation of a weak router / misconfiguration to manipulate a
legitimate speaker's advertisements, OR a 3rd party box somehow
manipulating a routing protocol between other devices.  (Using something
like nemesis, etc..)

While tools like nemesis and other scripts are out there, and perfectly
capable of forging/manipulating routing protocol packets, how common is
this? 

Of the problems folks have run into, are they more often the result of a
legitimate speaker being compromised & playing with advertisements
somehow (and getting through filters that may or may not be present), or
from devices actually spoofing their way into the IGP/EGP?  Are there 
any specific attacks anyone is aware of & can share?

..Dylan

-- 
  ,  Dylan Greene      ,
 +   Juniper Networks   +
 +   +1 617/407-6254    +
  `  dylan () juniper net '

