Defeating OSPF with authentication enabled
IPv6 or die

Francois Ropert

LAN Big One of the year (or not)
http://stack.packetfault.org

2008

Francois Ropert   Defeating OSPF security mechanisms
Part I
OSPF insecurity 101
OSPF attacks state of the art

     Before this paper
         OSPF attacks on clear-text OSPF message exchanges:
         insert/remove/modify routes
         Mitigation of those past attacks => OSPF MD5 authentication
             interface Ethernet0
             ip address 192.168.0.101 255.255.255.0
             ip ospf authentication message-digest
             ip ospf message-digest-key 1 md5 GotBlackholeDbyOSPF
         Note: Whatever routing protocol is used, authenticating routing
         updates does not give confidentiality (the C in CIA)
Part II
OSPF attack
OSPF Today Attack

     The attack steps
         Disrupt an OSPF router on a switched LAN segment
         Only OSPF HELLO messages are concerned. LS messages also use
         sequence authentication, but not with the same algorithm
         The packets replayed over the LAN are ones sent by other live
         routers
         Time-limited attack in the best case (for the victim),
         no time limit in the worst case
         The attack blackholes the network
OSPF header and cryptography part

  OSPF Header
  OSPF Version: 2
  Message Type: Hello Packet (1)
  Packet Length: 48
  Source OSPF Router: 192.168.0.100 (192.168.0.100)
  Area ID: 0.0.0.0 (Backbone)
  Auth Type: Cryptographic
  Auth Key ID: 1
  Auth Data Length: 16
  Auth Crypto Sequence Number: 0x2b9542ad
  Auth Data: 038473959C37C62A7B60D1128212B81E
OSPF Hello header

  OSPF Hello Packet
  Network Mask: 255.255.255.0
  Hello Interval: 10 seconds
  ...
  Router Dead Interval: 40 seconds
  Designated Router: 192.168.0.101
  Backup Designated Router: 192.168.0.100
  Active Neighbor: 192.168.0.101
  The Auth Data (previous slide) is placed after the Active Neighbors in
  the Ethernet frame
OSPFv2 HELLO packets

    HELLO packet?
       "Router is present and ready to receive/send Link State (LS)
       messages"
       The adjacency needs to be bidirectional before the LS packet
       exchange can begin
OSPFv2 HELLO packets

    HELLO packets and MD5
       Packets with a higher sequence number are processed
       Packets with a lower sequence number are discarded (or not)
       The sequence number can't be changed before injecting a packet,
       because that would break the authentication data
       Sequence numbers are circular: they restart at 0 after 2^32,
       with a step of 4
       Sequence numbers are reset to 0 on reboot in some OSPF
       software implementations
       The sequence check relies on the RID, not on the IP source
       address => IP spoofing is useless
       A replayed packet works anywhere the password and the RID are
       the same
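As an added example (not code from the slides or their author), a passive Python monitor that parses the Hello layout from the previous slides, checks the MD5 digest the way RFC 2328 D.4.3 computes it, and applies the sequence rules above per Router ID so a defender can spot the replay pattern from a span port. The Router IDs, the timeline, the sensor logic and the truncation of the slide's password to the 16-byte RFC key are constructed assumptions, not the author's setup.

```python
"""Passive monitor for OSPFv2 Hellos using cryptographic (MD5) authentication.
Added example, not from the slides: parses the header fields shown there (RFC 2328
A.3.1/D.3), checks the trailing MD5 digest (D.4.3) when the key is known, and mirrors
the receiver's crypto-sequence check so a defender sees which Hellos neighbours would
silently drop and which frames are byte-identical replays. Traffic is constructed."""
import hashlib
import struct
from collections import defaultdict

OSPF_HDR = struct.Struct("!BBH4s4sHH")      # version, type, length, router id, area, checksum, autype
AUTH_CRYPTO = struct.Struct("!HBBI")        # zero, key id, auth data length, crypto sequence number
HELLO_FIXED = struct.Struct("!4sHBBI4s4s")  # netmask, hello int, options, priority, dead int, DR, BDR
TYPE_HELLO, AUTYPE_CRYPTO, DIGEST_LEN = 1, 2, 16

def ipb(dotted):
    return bytes(int(x) for x in dotted.split("."))

def ip(raw):
    return ".".join(str(x) for x in raw)

def ospf_md5(packet, key):
    # RFC 2328 D.4.3: MD5 over the OSPF packet followed by the 16-byte key; the digest
    # is appended after the packet and is not counted in the header's length field.
    return hashlib.md5(packet + key.ljust(DIGEST_LEN, b"\0")[:DIGEST_LEN]).digest()

def parse_hello(frame):
    """Split an OSPFv2 Hello plus trailing digest into the fields a monitor needs."""
    ver, ptype, length, rid, area, _csum, autype = OSPF_HDR.unpack_from(frame, 0)
    if ver != 2 or ptype != TYPE_HELLO or autype != AUTYPE_CRYPTO:
        raise ValueError("not an OSPFv2 Hello with cryptographic authentication")
    _zero, key_id, auth_len, seq = AUTH_CRYPTO.unpack_from(frame, OSPF_HDR.size)
    body = OSPF_HDR.size + AUTH_CRYPTO.size              # 24-byte OSPF header
    mask, hello_int, _opts, _prio, dead_int, dr, bdr = HELLO_FIXED.unpack_from(frame, body)
    first_nbr = body + HELLO_FIXED.size
    return {
        "rid": ip(rid), "area": ip(area), "length": length, "key_id": key_id, "seq": seq,
        "mask": ip(mask), "hello": hello_int, "dead": dead_int, "dr": ip(dr), "bdr": ip(bdr),
        "neighbors": [ip(frame[i:i + 4]) for i in range(first_nbr, length, 4)],
        "packet": frame[:length], "digest": frame[length:length + auth_len],
    }

def build_hello(rid, seq, neighbors, key, key_id=1):
    """Constructed sample traffic reproducing the 48-byte Hello layout on the slides."""
    body = HELLO_FIXED.pack(ipb("255.255.255.0"), 10, 0x02, 1, 40,
                            ipb("192.168.0.101"), ipb("192.168.0.100"))
    body += b"".join(ipb(n) for n in neighbors)
    length = OSPF_HDR.size + AUTH_CRYPTO.size + len(body)
    # The header checksum is left at 0 when cryptographic authentication is used.
    hdr = OSPF_HDR.pack(2, TYPE_HELLO, length, ipb(rid), ipb("0.0.0.0"), 0, AUTYPE_CRYPTO)
    packet = hdr + AUTH_CRYPTO.pack(0, key_id, DIGEST_LEN, seq) + body
    return packet + ospf_md5(packet, key)

class HelloMonitor:
    """Per-Router-ID state, keyed like a receiving router keys it (RID, not source IP)."""

    def __init__(self, key=None):
        self.key = key                  # None: a sensor without the key skips the digest check
        self.highest_seq = {}           # rid -> highest crypto sequence number accepted so far
        self.seen = defaultdict(set)    # rid -> {(seq, digest)} already observed on the wire

    def observe(self, frame):
        h = parse_hello(frame)
        if self.key is not None and ospf_md5(h["packet"], self.key) != h["digest"]:
            return ["bad-digest"]       # forged or wrong key: receivers drop it as well
        alerts, fp, top = [], (h["seq"], h["digest"]), self.highest_seq.get(h["rid"], 0)
        if fp in self.seen[h["rid"]]:
            alerts.append("replay")     # byte-identical authenticated Hello seen again
        elif h["seq"] < top:
            # Receivers drop this (RFC 2328 D.4.3); one hit follows a genuine reboot that
            # resets the counter, a sustained run alongside "replay" is the attack pattern.
            alerts.append("seq-regression")
        self.seen[h["rid"]].add(fp)
        self.highest_seq[h["rid"]] = max(h["seq"], top)
        return alerts

def run_scenario():
    """Constructed timeline: two genuine Hellos, a reboot reset, a replay, a post-reset Hello."""
    key = b"GotBlackholeDbyOSPF"[:DIGEST_LEN]      # slide password cut to the RFC's 16-byte key
    rid, nbrs = "192.168.0.100", ["192.168.0.101"]
    frames = [build_hello(rid, 0x2B9542AD, nbrs, key),     # sequence number from the slide capture
              build_hello(rid, 0x2B9542AD + 4, nbrs, key), # next Hello, step of 4
              build_hello(rid, 0, nbrs, key)]              # router rebooted, counter reset to 0
    frames.append(frames[0])                             # the captured high-seq Hello replayed
    frames.append(build_hello(rid, 4, nbrs, key))        # genuine Hello after the reset
    mon = HelloMonitor(key)
    return [mon.observe(f) for f in frames]
```

The regression alert deliberately mirrors the receiver's check, so it also fires once after a real reboot; the replay alert only fires when an authenticated Hello reappears byte for byte, which a legitimate router never produces.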
OSPF adjacency before attack

  192.168.0.101#sh ip ospf neighbor
  Neighbor ID     Pri   State          Dead Time   Address         Interface
  192.168.0.100     1   FULL/DROTHER   00:00:31    192.168.0.100   Ethernet0
  192.168.0.1       1   FULL/DR        00:00:34    192.168.0.1     Ethernet0
Breaking an adjacency

     When to break an adjacency?
         When the Auth crypto sequence number is very high and before
         rollover
     It's easy in a lab environment
         Pull the plug
         or shut down an interface
         For at least 40 seconds (default DEAD interval), waiting for the
         Active Neighbor list to be cleared (victim's router)

     Be a smart ass in a production environment
         DoS, Cisco IOS HTTP Administrative Interface CSRF
         Vulnerability, etc.
OSPF adjacency after break
      The DEAD time is refreshed each time a packet is sent over
      the wire
      The router is not flagged DOWN but stuck in INIT
      A router goes DOWN when Layer 1 is broken
      In the attack, Layer 1 is connected and stable, but the router is
      denied anything else
      The router never reaches the 2WAY state, which must be
      bidirectional in order to exchange DBD (Database
      Descriptor) packets
      This prevents the router from sending LS packets
  #sh ip ospf neighbor
  Neighbor ID     Pri   State          Dead Time   Address         Interface
  192.168.0.100     1   INIT/DROTHER   00:00:39    192.168.0.100   Ethernet0
  192.168.0.1       1   FULL/DR        00:00:35    192.168.0.1     Ethernet0
OSPF adjacency after attack

     When the miscreant is done, the attack stops and the
     adjacency comes back after the dead interval
     The OSPF neighbor goes Init => Down => Init => 2-Way
     => Exstart => Exchange => Loading => Full
     192.168.0.101#sh ip ospf neighbor
     Neighbor ID     Pri   State          Dead Time   Address         Interface
     192.168.0.100     1   FULL/DROTHER   00:00:38    192.168.0.100   Ethernet0
     192.168.0.1       1   FULL/DR        00:00:36    192.168.0.1     Ethernet0
Part III
Impact on the network
IP routing table impact

      Routes learned from the victim's router are cleared
      192.168.5.0/32
      Routes learned from other OSPF routers are still in the IP
      routing table
  192.168.4.0/30 is subnetted, 1 subnets
  C 192.168.4.0 is directly connected, Loopback2
  192.168.7.0/32 is subnetted, 1 subnets
  O 192.168.7.1 [110/11] via 192.168.0.1, 00:00:45, Ethernet0
  (the 192.168.0.1 router is not under attack)
  C 192.168.0.0/24 is directly connected, Ethernet0
  192.168.1.0/30 is subnetted, 2 subnets
  C 192.168.1.0 is directly connected, Loopback0
  C 192.168.1.4 is directly connected, Loopback1
OSPF routing domain impact

     OSPF is a tree, not flat
         The threat level depends on the OSPF and network design
         The attacker needs to be located between at least two routers
         Breaking a local area router breaks your broadcast domain
         Breaking an ABR (Area Border Router) disrupts the links to
         neighbouring areas
         Breaking a router in a collapsed core/distribution design breaks
         more than your LAN
         The run-of-the-mill Network Consultant prefers EIGRP
         Growing companies generally go for an EIGRP to OSPF
         migration due to scaling
         Collateral damage from an attack can lead to a BGP epic FAIL
OSPF routing domain impact (diagram slide)
Part IV
Demo
Part V
Attack mitigation
Weak workarounds

  Crap way
  Change the OSPF Router-ID with the interface-level command
  The Router-ID has no relation to a physical or loopback interface;
  it works until the miscreant detects it => cat and mouse game
  #sh ip ospf neighbor
  Neighbor ID     Pri   State          Dead Time   Address         Interface
  192.168.0.100     1   INIT/DROTHER   00:00:39    192.168.0.100   Ethernet0
  192.168.5.1       1   FULL/DROTHER   00:00:38    192.168.0.100   Ethernet0

  What about frequently changing the message-digest-key => cat
  and mouse game
  The root problem is still there
Mitigation techniques

     No mitigation techniques offered by the industry today
     Except OSPF version 3, but the requirement is..
         IPv6
         Upgrade or die

     The design way
         If the customer network is hub and spoke, forget dynamic
         routing
         REAL NBMA networks are safe (OSPF HELLO messages
         can't be unicast on a switched LAN)
Annexe

    F. Ropert
    MISC magazine 44 - OSPF crypto sequence numbers attack
    D. Bauer research
    Understanding OSPF and BGP interactions Using Efficient Design
    http://www.cs.rpi.edu/ bauerd/wsc-2006/PADS06-BGP-OSPF.pdf
    2006
    IETF rpsec (Routing Protocol Security) group
    The security discussion sections of the RFCs about OSPFv2 MD5 and
    SHA-1 are updated
    http://www.ietf.org/html.charters/rpsec-charter.html
