OSPF协议脆弱性分析与检测系统的设计和实现

doi:10.3969/j.issn.1000-436x.2013.Z2.012

Journal on Communications ›› 2013, Vol. 34 ›› Issue (Z2): 58-63.doi: 10.3969/j.issn.1000-436x.2013.Z2.012

• Network and Information Security • Previous Articles Next Articles

Design and implementation of OSPF vulnerability analysis and detection system

Zun-ying QIN^1,²,Guo-dong LI^1,³,Wei LI^2,³,Xu-chang HUANG²

¹ Center of Network,Xi’an Jiaotong University,Xi’an 710049,China
² School of Electronic and Information Engineering,Xi’an Jiaotong University,Xi’an 710049,China
³ Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory,Shijiazhuang 050081,China

Online:2013-12-25 Published:2017-06-16
Supported by:
The Open Subject of Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory

Abstract

Abstract:

A universal and multi-mode OSPF vulnerability detection system was designed based on analysis and research of OSPF vulnerability.The system implements denial of service attack model with the method of forging entity router and man-in-middle attack model with zero-copy technology.The method combining SNMP and bypass monitoring was adopted to achieve real-time monitoring of test results.Finally,the system proves the vulnerability of different types of routing equipments in the test environment and the vulnerability hazards were analyzed quantitatively.

Key words: OSPF, LSA, vulnerability attack model, routing attack, vulnerability detection

Zun-ying QIN,Guo-dong LI,Wei LI,Xu-chang HUANG. Design and implementation of OSPF vulnerability analysis and detection system[J]. Journal on Communications, 2013, 34(Z2): 58-63.

Figures/Tables 7

References 9

[1]	HARTMAN S , ZHANG D . Analysis of OSPF Security According to KARP Design Guide[S]. 2011.
[2]	JAVVIN . TCP/IP network vulnerability and security[EB/OL]. .
[3]	JONES E , MOIGNE O . OSPF Security Vulnerabilities Analysis[S]. 2006.
[4]	BARBIR A , MURPHY S , YANG Y . Threats to Routing Protocols[S]. RFC 4593, 2006.
[5]	MOY J . OSPF Version 2[S]. 1998.
[6]	陈海燕, 季仲梅, 李鸥等 . OSPF 路由协议安全性分析及其攻击检测[J]. 微计算机信息, 2005,5: 234-235. CHEN H Y , JI Z M , LI O ,et al. OSPF routing protocol security analysis and attacks detection[J]. Microcomputer Information, 2005,5: 234-235.
[7]	蔡朝权 . OSPF 路由协议的攻击分析与安全防范[J]. 计算机工程与技术, 2007,28(23): 5618-5620. CAI Z Q . OSPF routing protocol attacks analysis and security precaution[J]. Computer Engineering, 2007,28(23): 5618-5620.
[8]	高峥, 李林涛 . OSPF 协议安全性分析[J]. 黑龙江科技信息, 2011,11:78. GAO Z , LI L T . OSPF protocol security analysis[J]. Heilongjiang Science and Technology Information, 2011,11:78.
[9]	VETTER B , WANG F , WU S.F . An experimental study of insider attacks for OSPF routing protocol[A]. IEEE 1997 International Conference on Network Protocols[C]. Atlanta,Georgia,USA, 1997. 293-300.

Metrics

Recommended 0

No Suggested Reading articles found!

函数名	说明
ospf_make_hello	伪造Hello报文，将DR和BDR字段清零，井设置高优先级
ospf_make_fake_ls_req	伪造LSR报文井发送
lsa_related_attack	与 LSA 相关的攻击，包括序列号加 1、最大序列号、最大年龄

序号	被检测攻击类型	检测结果
1	DR/BDR篡改攻击	2种测试环境下均无效
2	LSR报文伪造攻击	2种测试环境下均无效
3	序列号加1攻击	2种测试环境下均有效
4	最大序列号攻击	2种测试环境下均有效
5	最大年龄攻击	锐捷路由器有效，思科路由器无效
6	中间人攻击	2种测试环境下均有效

Design and implementation of OSPF vulnerability analysis and detection system

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 7

References 9

Related Articles 9

Metrics

Recommended 0

[1]	Jiawei QIN, Hua ZHANG, Hanbing YAN, Nengqiang HE, Tengfei TU. Research on context-aware Android application vulnerability detection [J]. Journal on Communications, 2021, 42(11): 13-27.
[2]	De-guang LE,Sheng-rong GONG,Shao-gang WU,Feng XU,Wen-sheng LIU. Research on RTF array overflow vulnerability detection [J]. Journal on Communications, 2017, 38(5): 96-107.
[3]	. Design and implementation of OSPF vulnerability analysis and detection system [J]. Journal on Communications, 2013, 34(Z2): 12-63.
[4]	Ting HAN,Shou-shan LUO,Yang XIN,Yi-xian YANG,Gong CHENG,Xiao WU. Study on security routing algorithm based on dynamic adjacent trust [J]. Journal on Communications, 2013, 34(6): 191-200.
[5]	. Study on security routing algorithm based on dynamic adjacent trust [J]. Journal on Communications, 2013, 34(6): 23-200.
[6]	Long-fei WANG,Xing-wei WANG,Min HUANG. QoS rerouting mechanism for SON [J]. Journal on Communications, 2012, 33(Z2): 280-289.
[7]	Sheng-quan LIAO,Chun-ming WU,Bin WANG,ming JIANG. Research on energy-saving method based on reconfigurable network architecture [J]. Journal on Communications, 2012, 33(9): 77-84.
[8]	Jian LI,Ai-ping YANG,Wan-yi GU,Jie ZHANG. Novel ASON routing implementation [J]. Journal on Communications, 2006, 27(6): 72-80.
[9]	Feng ZHAO,Bao-sheng WANG,Ze-xin LU,Ya-ping LIU. Impact of non-cut link failures on network traffic [J]. Journal on Communications, 2006, 27(11A): 184-188.