OSPF Vulnerability - Owning the Routing Table

Jeff Tantsura jeff.tantsura at ericsson.com
Mon Aug 5 01:10:47 UTC 2013

Agree, that's why using p2p has been mentioned as BCP in networking "howto's" for at least the last 10 years.


On Aug 4, 2013, at 3:14 AM, "Saku Ytti" <saku at ytti.fi> wrote:

> On (2013-08-04 05:01 -0500), Jimmy Hess wrote:
>> I would say the risk score of the advisory is overstated.   And if you
>> think "ospf is secure" against LAN activity after any patch,  that
>> would be wishful thinking. Someone just rediscovered one of the
>> countless innumerable holes in the back of the cardboard box and tried
>> covering it with duck tape...
> I tend to agree. OTOH I'm not 100% sure if it's unexploitable outside LAN
> via unicast OSPF packets.
> But like you say MD5 offers some level of protection. I wish there would be
> some KDF for IGP KARP so that each LSA would actually have unique
> not-to-be-repeated password, so even if someone gets a copy of one LSA and
> calculates out the MD5 it won't be relevant anymore.
> L2 is very dangerous in any platform I've tried, access to L2 and you can
> usually DoS the neighbouring router, even when optimally configured
> CoPP/Lo0 filter.
> -- 
>  ++ytti
