Route Injection

The recent growth of corporate networks has brought with it a correspondingly increased reliance on the routing infrastructure that makes them possible. Routing protocols such as RIPv2, EIGRP, BGP and OSPFv2 form the heart of this infrastructure. Until recently the security of these protocols was not strongly emphasized. There is, however, a growing awareness of the potential consequences of attacks aimed at the infrastructure itself, and at the routing protocols in particular.

Securing intra-AS routing protocols, and above all defending them against insider attacks, is an important topic. An insider here means a trusted entity that participates in the routing information exchange. A malicious system administrator, for example, could misconfigure a router so that network performance is seriously degraded.

Attack Vectors

Two preconditions make these attacks feasible: first, the attacker controls a legitimate router at some arbitrary location in the AS; second, the attacker knows the MD5 shared secrets of the links attached to that router, so that forged packets are accepted by the neighbors. The goal is to control the routing tables of the other routers in the AS. Several attacks are known:

Falsifying self LSAs

  • Falsify the cost of a link to an existing neighbor; this has a very limited effect;
  • Advertise links to networks outside the AS;
  • Advertise links to stub networks;
  • Advertise links to transit networks or to existing routers.

Falsifying other routers’ LSAs

  • Known examples: Seq++ (re-advertise the victim’s LSA with a higher sequence number) and MaxSeq (re-advertise it with the sequence number set to MaxSequenceNumber, forcing the victim to flush and restart);
  • Triggers an immediate fight-back: the legitimate originator receives the forged self-originated LSA and re-originates a newer instance (RFC 2328, section 13.4), which overrides the forgery;
    • A non-persistent attack;
    • Not very stealthy, since every injection produces a burst of flooding.

Impersonating a phantom router

  • Overwhelm the link-state database with garbage LSAs from a router ID that does not exist;
  • Has no effect on the routing table, because no real router advertises a link back to the phantom and SPF only uses bidirectional links.

Periodic Injection: the only one of these attacks that evades fight-back

It exploits the rule in RFC 2328 that a router may not originate a new instance of a given LSA more often than once per MinLSInterval (5 seconds by default). The false LSA is installed and flooded by the victim first, and only then is a fight-back instance sent. If the attacker re-injects the false LSA at a high rate, the victim is rate-limited by MinLSInterval and cannot keep its fight-back LSA in the link-state database: the false LSA is repeatedly advertised and stands for most of the time.
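The following toy model, added here as an example and not code from the original page or from any router implementation, puts the three spoofing attacks above side by side: a one-shot Seq++ and MaxSeq injection (answered immediately by fight-back) and periodic injection, whose effect depends on MinLSInterval. It collapses the whole flooding domain into one shared link-state database, assumes a flush completes instantly instead of waiting for MaxAge acknowledgements, and uses constructed router IDs and prefixes; the spoofed router-LSA adds a prefix outside the AS, one of the self-LSA falsifications listed earlier.

```python
"""Toy model of how OSPF replaces an LSA instance, how the originator fights back
(RFC 2328 section 13.4) and how MinLSInterval limits that fight-back. Constructed
example: one shared link-state database stands in for the whole flooding domain,
and a flush completes instantly instead of waiting for MaxAge acknowledgements."""
from __future__ import annotations
from dataclasses import dataclass

# RFC 2328 section 12.1.6 and Appendix B; LS sequence numbers are signed 32-bit
INITIAL_SEQ = -0x7FFFFFFF      # InitialSequenceNumber, 0x80000001
MAX_SEQ = 0x7FFFFFFF           # MaxSequenceNumber
MIN_LS_INTERVAL = 5            # seconds between distinct originations of one LSA


@dataclass(frozen=True)
class LSA:
    adv_router: str   # advertising router ID
    seq: int          # LS sequence number
    links: tuple      # prefixes the router-LSA claims to be attached to


def is_newer(a: LSA, b: LSA) -> bool:
    """RFC 2328 section 13.1 reduced to the sequence number test; the checksum and
    age tie-breaks never decide anything here because every injection bumps seq."""
    return a.seq > b.seq


def fight_back_seq(received_seq: int) -> tuple[bool, int]:
    """Sequence number the originator uses to reassert its own LSA. At
    MaxSequenceNumber the instance must first be flushed before restarting at
    InitialSequenceNumber; otherwise the originator simply goes one higher."""
    if received_seq == MAX_SEQ:
        return True, INITIAL_SEQ
    return False, received_seq + 1


class Victim:
    """The legitimate originator of the router-LSA being spoofed."""

    def __init__(self, rid: str, links: tuple, lsdb: dict):
        self.rid, self.links, self.lsdb = rid, links, lsdb
        self.pending = None      # seq of a spoofed self-LSA still awaiting fight-back
        self.flushes = 0
        # last origination was MinLSInterval ago, so the first fight-back is immediate
        self.originate(INITIAL_SEQ, t=-MIN_LS_INTERVAL)

    def originate(self, seq: int, t: int) -> None:
        self.lsdb[self.rid] = LSA(self.rid, seq, self.links)
        self.last_originated = t

    def observe(self, t: int) -> None:
        """Once per second: a self-originated LSA with contents the router never
        advertised triggers fight-back, delayed until MinLSInterval has elapsed."""
        cur = self.lsdb.get(self.rid)
        if cur is not None and cur.links != self.links:
            self.pending = cur.seq
        if self.pending is not None and t - self.last_originated >= MIN_LS_INTERVAL:
            flush, seq = fight_back_seq(self.pending)
            self.flushes += int(flush)
            self.originate(seq, t)
            self.pending = None


def inject(lsdb: dict, victim_rid: str, false_links: tuple, seq: int) -> bool:
    """Attacker on a legitimate router (so it holds the link key) floods a spoofed
    instance; the domain installs it only if it wins the newer-LSA comparison."""
    spoof = LSA(victim_rid, seq, false_links)
    cur = lsdb.get(victim_rid)
    if cur is None or is_newer(spoof, cur):
        lsdb[victim_rid] = spoof
        return True
    return False


def simulate(period: int, duration: int = 20, max_seq_attack: bool = False) -> dict:
    """Inject every `period` seconds for `duration` seconds and measure how long the
    spoofed LSA stays installed. period >= duration gives a one-shot Seq++/MaxSeq."""
    lsdb: dict = {}
    victim = Victim("1.1.1.1", ("10.0.1.0/24",), lsdb)
    # constructed: the spoof adds a prefix that lives outside the AS
    false_links = ("10.0.1.0/24", "192.0.2.0/24")
    false_seconds = 0
    for t in range(duration):
        if t % period == 0:
            seq = MAX_SEQ if max_seq_attack else lsdb[victim.rid].seq + 1
            inject(lsdb, victim.rid, false_links, seq)
        victim.observe(t)
        if lsdb[victim.rid].links != victim.links:
            false_seconds += 1
    return {"false_fraction": false_seconds / duration,
            "flushes": victim.flushes,
            "final_seq": lsdb[victim.rid].seq}


if __name__ == "__main__":
    print("one-shot Seq++     ", simulate(period=20))
    print("one-shot MaxSeq    ", simulate(period=20, max_seq_attack=True))
    print("inject every 5 s   ", simulate(period=5))
    print("inject every 1 s   ", simulate(period=1))
```

Injecting once every 5 seconds or slower gives the victim time to answer each forgery, so the false LSA never survives to the end of a second; injecting once per second leaves it installed 16 of 20 seconds, which is the (MinLSInterval - 1)/MinLSInterval ceiling the attacker approaches as the rate increases. The MaxSeq case shows the extra cost of that variant: the victim has to flush its own LSA before it can restart at InitialSequenceNumber.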

In all of these attacks the attacker injects false routing information; the goal is to disrupt transmission over the core network or to bring all communication down.

Mitigations

Mitigating this type of attack is not an easy task, because the attacks exploit a fundamental property of the routing protocols: any authenticated participant is trusted. Mitigation can therefore only be achieved with a layered approach: a different authentication key on every link, so that a key taken from one compromised link cannot be used on another; timely software patches; access lists that restrict which sources may send routing protocol traffic; and cryptographic mechanisms that protect the routing information (MD5 authentication per RFC 2328 Appendix D, or HMAC-SHA per RFC 5709). Note that cryptographic authentication stops an outsider but not an insider who already holds the link key, so monitoring the link-state database for unexpected LSAs remains necessary.
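As an added example of the per-link key mitigation (not code from the page or from any vendor), the block below implements OSPFv2 cryptographic authentication as specified in RFC 2328 Appendix D: the MD5 digest over the packet followed by the 16-byte key, trailing the packet and not counted in the length field, plus the cryptographic sequence number check against replay. The Hello packet, router IDs, key IDs and keys are constructed for the example; zero-padding keys shorter than 16 bytes is an assumption matching common implementations rather than something RFC 2328 states. The last check in `demo()` makes the insider point: a packet signed with the correct link key verifies no matter which router ID it claims.

```python
"""OSPFv2 cryptographic authentication (RFC 2328 Appendix D) over a constructed Hello
packet: per-link keys, digest check and cryptographic sequence number replay check.
Added example, not router code; keys and addresses are made up."""
from __future__ import annotations
import hashlib
import hmac
import struct

OSPF_VERSION = 2
PKT_HELLO = 1
AUTH_CRYPTO = 2      # AuType 2 = cryptographic authentication
HEADER_LEN = 24
DIGEST_LEN = 16


def _pad_key(key: bytes) -> bytes:
    """RFC 2328 D.3 defines the key as 16 bytes; shorter keys are zero-padded here
    (assumption: this matches common implementations, the RFC does not say)."""
    if len(key) > 16:
        raise ValueError("key longer than 16 bytes")
    return key.ljust(16, b"\x00")


def build_hello(router_id: bytes, area_id: bytes, key_id: int, crypto_seq: int, key: bytes) -> bytes:
    """Build a signed Hello: mask /24, HelloInterval 10, options E, priority 1,
    RouterDeadInterval 40, no DR/BDR, no neighbors (constructed sample values)."""
    body = struct.pack("!4sHBBI4s4s", b"\xff\xff\xff\x00", 10, 0x02, 1, 40, b"\0" * 4, b"\0" * 4)
    length = HEADER_LEN + len(body)
    # Checksum is 0 for AuType 2; the 8-byte authentication field carries
    # 0x0000, key ID, digest length and the cryptographic sequence number.
    header = struct.pack("!BBH4s4sHH", OSPF_VERSION, PKT_HELLO, length, router_id, area_id, 0, AUTH_CRYPTO)
    header += struct.pack("!HBBI", 0, key_id, DIGEST_LEN, crypto_seq)
    pkt = header + body
    digest = hashlib.md5(pkt + _pad_key(key)).digest()
    return pkt + digest      # digest trails the packet and is not counted in 'length'


def verify_hello(pkt: bytes, keyring: dict, last_seq: int) -> tuple[bool, str]:
    """Receiver side: keyring maps key ID -> key for THIS link; last_seq is the
    cryptographic sequence number last accepted from this neighbor."""
    if len(pkt) < HEADER_LEN:
        return False, "short packet"
    ver, _ptype, length, _rid, _aid, _csum, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != OSPF_VERSION or autype != AUTH_CRYPTO:
        return False, "not OSPFv2 cryptographic authentication"
    _zero, key_id, auth_len, seq = struct.unpack("!HBBI", pkt[16:24])
    if auth_len != DIGEST_LEN or len(pkt) != length + DIGEST_LEN:
        return False, "bad authentication length"
    key = keyring.get(key_id)
    if key is None:
        return False, f"unknown key id {key_id}"
    expected = hashlib.md5(pkt[:length] + _pad_key(key)).digest()
    if not hmac.compare_digest(expected, pkt[length:]):
        return False, "digest mismatch"
    if seq < last_seq:       # RFC 2328 D.4.3: must be >= the recorded value
        return False, "replayed sequence number"
    return True, "ok"


def demo() -> dict:
    """Exercise the receiver with packets from the right link, the wrong link,
    a replay, a tampered packet, and an insider holding the link key."""
    area = b"\0\0\0\0"
    link_a_key, link_b_key = b"link-a-secret", b"link-b-secret"
    pkt = build_hello(bytes([10, 0, 0, 1]), area, key_id=1, crypto_seq=1000, key=link_a_key)
    tampered = pkt[:30] + bytes([pkt[30] ^ 1]) + pkt[31:]      # flip a bit in the options byte
    insider = build_hello(bytes([10, 0, 0, 99]), area, key_id=1, crypto_seq=5000, key=link_a_key)
    return {
        "same_link": verify_hello(pkt, {1: link_a_key}, last_seq=999)[0],
        "other_link_key": verify_hello(pkt, {1: link_b_key}, last_seq=999)[0],
        "replay": verify_hello(pkt, {1: link_a_key}, last_seq=1001)[0],
        "tampered": verify_hello(tampered, {1: link_a_key}, last_seq=999)[0],
        "insider_with_key": verify_hello(insider, {1: link_a_key}, last_seq=999)[0],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} {'accepted' if ok else 'rejected'}")
```

Distinct keys per link mean the `other_link_key` packet is rejected even though it was validly signed somewhere else in the AS, and the sequence number check stops a captured packet from being replayed later. What the mechanism cannot do is visible in `insider_with_key`: a router that legitimately holds the key, or an attacker who has taken it from a compromised router, produces packets that verify, which is why the attacks described above need the layered mitigations rather than authentication alone.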