OSPF vulnerability to persistent poisoning attacks: a systematic analysis

Nakibly, G., Sosnovich, A., Menahem, E., Waizel, A., Elovici, Y.

ACSAC '14 Proceedings of the 30th Annual Computer Security Applications Conference Pages 336-345

Open Shortest Path First (OSPF) is one of the most widely deployed interior gateway routing protocols on the Internet. The most common attack vector against OSPF is spoofing of routing advertisements on behalf of a remote router. OSPF employs a self-defense “fight-back” mechanism that quickly reverts the effects of such attacks. Nonetheless, some attacks that evade the fight-back mechanism have been discovered, making it possible to persistently falsify routing advertisements. This type of attacks are the most serious threat to a routing protocol since they allow an attacker to gain persistent control over how traffic is routed throughout the network. This shows that despite its maturity, the OSPF specification is not without security flaws and may have still-unknown vulnerabilities. In this work we systematically analyze — manually and by formal verification — the OSPF specification for additional vulnerabilities in the fight-back mechanism. Our analysis uncovered a fundamental security flaw in OSPF that allows a simple means for an attacker to evade the fight-back mechanism. Most major router vendors acknowledged the existence of this vulnerability in their products. Fortunately, our analysis strongly indicates that no other vulnerabilities in the fight-back mechanism are likely to exist.