东南大学硕士学位论文
IV
ABSTRACT
Routing protocol is the core of network infrastructure. OSPF routing protocol is a kind of
interior gateway routing protocols, which is widely used at present. In this paper, the security
of OSPF protocol is studied, and four new attack methods are proposed based on the analysis
of OSPF protocol security mechanism and attack methods that exist. The method of these
attacks injects malicious LSAs(link state advertisements)by different ways, modifies the
routing tables of routers, finally realizes route spoofing. An OSPF penetration testing system is
developed in this paper at the same time. The system can be used for security testing of OSPF
networks. The work of this paper is as follows:
1. Adjacency spoofing attack is proposed. The attack is mainly aimed at the scenario that
the border routers of OSPF networks are not set as passive interface. The attacker is
access to OSPF networks by disguising as a legitimate router and injects malicious
LSAs. Web spoofing、password sniffing、man-in-the-middle attack、DNS spoofing,
etc are realized by the attack method.
2. Double LSA remote multi-injection attack is proposed.The attack is mainly aimed at
the scenario that the attacker obtains router topology and parameters of networks, it
injects two malicious LSAs by remote routers. Comparing with Double LSA injection
attack proposed by Nakibly et al, it can evade “fight-back” mechanism, and increase
contaminated area at the same time. The attack not only can realize web spoofing、
password sniffing, etc, but also can control the middle of the transmission path of data
traffic.
3. Single path injection attack is proposed. Under the scenario same as the second attack,
the attacker finds a pair of routers that meet the condition of single path, chooses the
springboard router, injects a malicious LSA by its identity. The attack just needs inject
a LSA to evade “fight-back” mechanism. Traffic black-hole can be realized by the
attack, causing parts of networks paralytic.
4. Remote adjacency spoofing attack is proposed. We design a method to detect running
parameters of remote routers. False adjacency relation can be established by the
method, finally malicious LSAs are injected by the identity of phantom routers to
realize traffic black-hole. Comparing with above three attacks, the attack is used in
more scenarios, it can be realized in the scenario that the attacker doesn’t obtain router
topology and parameters of networks.
评论0