通信学报 ›› 2013, Vol. 34 ›› Issue (Z2): 58-63.doi: 10.3969/j.issn.1000-436x.2013.Z2.012

• 网络与信息安全 • 上一篇    下一篇

OSPF协议脆弱性分析与检测系统的设计和实现

罩遵颖1,2,李国栋1,3,李卫2,3,黄旭昌2   

  1. 1 西安交通大学 网络中心,陕西 西安 710049
    2 西安交通大学 电子与信息工程学院,陕西 西安 710049
    3 通讯网信息传输与分发技术重点实验室,河北 石家庄 050081
  • 出版日期:2013-12-25 发布日期:2017-06-16
  • 基金资助:
    通信网信息传输与分发技术重点实验室开放课题基金资助项目

Design and implementation of OSPF vulnerability analysis and detection system

Zun-ying QIN1,2,Guo-dong LI1,3,Wei LI2,3,Xu-chang HUANG2   

  1. 1 Center of Network,Xi’an Jiaotong University,Xi’an 710049,China
    2 School of Electronic and Information Engineering,Xi’an Jiaotong University,Xi’an 710049,China
    3 Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory,Shijiazhuang 050081,China
  • Online:2013-12-25 Published:2017-06-16
  • Supported by:
    The Open Subject of Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory

摘要:

在分析和研究OSPF协议脆弱性的基础上,设计实现了一个通用的、多模式的OSPF协议脆弱性检测系统,包括了使用伪造实体路由器方法实现拒绝服务攻击模型和使用零拷贝技术实现中间人攻击模型,井采用SNMP和旁路监听相结合的方法实现了检测结果的实时监控。最后,在测试环境中对不同种类的路由设备进行了脆弱性验证,井对脆弱性的危害进行了定量的分析。

关键词: OSPF, LSA, 脆弱性攻击模型, 路由攻击, 脆弱性检测

Abstract:

A universal and multi-mode OSPF vulnerability detection system was designed based on analysis and research of OSPF vulnerability.The system implements denial of service attack model with the method of forging entity router and man-in-middle attack model with zero-copy technology.The method combining SNMP and bypass monitoring was adopted to achieve real-time monitoring of test results.Finally,the system proves the vulnerability of different types of routing equipments in the test environment and the vulnerability hazards were analyzed quantitatively.

Key words: OSPF, LSA, vulnerability attack model, routing attack, vulnerability detection