面向OSPF脆弱点的分节点污染方法研究
|
摘要
为了研究OSPF协议某脆弱点的污染范围和效果,对OSPF协议的安全机制和已知脆弱点进行了研究,分析了对当前OSPF协议危害极大的一种脆弱点。针对该脆弱点的污染范围和效果,提出了一种节点分类和脆弱点分节点污染方法,分析总结出在已知源节点和目标节点的前提下污染路径的生成树确定方法,并利用分节点污染方法在GNS3平台上对多区域自治域进行了仿真测试和分析,对比总结了网络拓扑和目标路由器位置的选择变化对整个自治域网络污染范围和效果的影响。仿真实验表明,面向OSPF协议某脆弱点的分节点污染方法能够有效分析出整个网络拓扑以及目标节点位置对最终污染范围和效果的影响,有助于对安全网络拓扑设计。最后针对该脆弱点及其污染特征,提出了相应的防范措施。
In order to research the pollution range and effect of a weak point of OSPF,the security mechanism of OSPF protocol and the known vulnerability are studied,and the current OSPF protocol is widely concerned with a vulnerable point.For this,we propose a kind of node classification and pollution method with diverging nodes injected.Then a method for determining the spanning tree of pollution path on the premise of known source node and target node is summarized with analysis.The pollution method with diverging node injected is used on GNS3 platform for simulation test and research in multi-area autonomous system. The comparison summarizes the effect of the network topology and selection of target router location on the network pollution range. Simulation experiments showthat the pollution method with diverging node injected for OSPF protocol can effectively analyze the entire network topology and the target node location for the effects of the pollution range,helpful for the design of security network topology.Finally,we put forward the countermeasures for the vulnerability and its pollution characteristics.
In order to research the pollution range and effect of a weak point of OSPF,the security mechanism of OSPF protocol and the known vulnerability are studied,and the current OSPF protocol is widely concerned with a vulnerable point.For this,we propose a kind of node classification and pollution method with diverging nodes injected.Then a method for determining the spanning tree of pollution path on the premise of known source node and target node is summarized with analysis.The pollution method with diverging node injected is used on GNS3 platform for simulation test and research in multi-area autonomous system. The comparison summarizes the effect of the network topology and selection of target router location on the network pollution range. Simulation experiments showthat the pollution method with diverging node injected for OSPF protocol can effectively analyze the entire network topology and the target node location for the effects of the pollution range,helpful for the design of security network topology.Finally,we put forward the countermeasures for the vulnerability and its pollution characteristics.
引文
[1]梅鸿翔.OSPF路由协议的安全性评测研究[D].成都:电子科技大学,2010.
[2]王先培,文云冬,高志新,等.OSPF路由协议的脆弱性分析[J].武汉大学学报:工学版,2004,37(3):98-101.
[3]SANGROHA D,GUPTA V.Analyzer router:an approach to detect and recover from OSPF attacks[C]//International symposium on security in computing and communication.Berlin:Springer,2014:370-378.
[4]LI Meng,JING Quanliang,YAO Zhongjiang,et al.On the prevention of invalid route injection attack[C]//International conference on intelligent information processing.Hanzhou,China:[s.n.],2014:294-302.
[5]SOSNOVICH A,GRUMBERG O,NAKIBLY G.Finding security vulnerabilities in a netw ork protocol using parameterized systems[C]//International conference on computer aided verification.[s.l.]:[s.n.],2013:724-739.
[6]WANG Minghao.The security analysis and attacks detection of OSPF routing protocol[C]//7th international conference on intelligent computation technology and automation.Changsha,China:IEEE,2014:836-839.
[7]DIWAN D,NARANG V K,SINGH A K.Security mechanism in RIPv2,EIGRP and OSPF for campus netw ork-a review[J].International Journal of Computer Science Trends and Technology,2017,5(2):399-404.
[8]SHEN N,AGGARWAL R,SHAFFER S.Extensions to OSPF for advertising optional router capabilities[J].Work in Progress,2007,11(3):82-89.
[9]蔡昭权.OSPF路由协议的攻击分析与安全防范[J].计算机工程与设计,2007,28(23):5618-5620.
[10]NAKIBLY G,MENAHEM E,WAIZEL A,et al.Owing the routing table part2[R].USA:Black Hat,2013.
[11]夏云峰.基于OSPF路由协议的路由欺骗分析[D].南京:东南大学,2014.
[12]周轩,王永杰,覃志波.OSPF协议漏洞机理及其防范措施[J].指挥信息系统与技术,2015,6(5):40-45.
[13]NAKIBLY G,MENAHEM E.OSPF vulnerability to persistent poisoning attacks:a systematic analysis[C]//Proceedings of the 30th annual computer security applications conference.New Orleans,Louisiana,USA:ACM,2014:336-345.
[14]钟廷龙,李鑫,郭云飞.OSPF路由协议安全性分析[J].微计算机信息,2005,24:15-17.
[15]MOY J.OSPF version 2[S].[s.l.]:IETF,1998.
[16]NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Persistent OSPF attacks[C]//Proceedings of the 19th annual netw ork and distributed system security symposium.[s.l.]:[s.n.],2012.
[2]王先培,文云冬,高志新,等.OSPF路由协议的脆弱性分析[J].武汉大学学报:工学版,2004,37(3):98-101.
[3]SANGROHA D,GUPTA V.Analyzer router:an approach to detect and recover from OSPF attacks[C]//International symposium on security in computing and communication.Berlin:Springer,2014:370-378.
[4]LI Meng,JING Quanliang,YAO Zhongjiang,et al.On the prevention of invalid route injection attack[C]//International conference on intelligent information processing.Hanzhou,China:[s.n.],2014:294-302.
[5]SOSNOVICH A,GRUMBERG O,NAKIBLY G.Finding security vulnerabilities in a netw ork protocol using parameterized systems[C]//International conference on computer aided verification.[s.l.]:[s.n.],2013:724-739.
[6]WANG Minghao.The security analysis and attacks detection of OSPF routing protocol[C]//7th international conference on intelligent computation technology and automation.Changsha,China:IEEE,2014:836-839.
[7]DIWAN D,NARANG V K,SINGH A K.Security mechanism in RIPv2,EIGRP and OSPF for campus netw ork-a review[J].International Journal of Computer Science Trends and Technology,2017,5(2):399-404.
[8]SHEN N,AGGARWAL R,SHAFFER S.Extensions to OSPF for advertising optional router capabilities[J].Work in Progress,2007,11(3):82-89.
[9]蔡昭权.OSPF路由协议的攻击分析与安全防范[J].计算机工程与设计,2007,28(23):5618-5620.
[10]NAKIBLY G,MENAHEM E,WAIZEL A,et al.Owing the routing table part2[R].USA:Black Hat,2013.
[11]夏云峰.基于OSPF路由协议的路由欺骗分析[D].南京:东南大学,2014.
[12]周轩,王永杰,覃志波.OSPF协议漏洞机理及其防范措施[J].指挥信息系统与技术,2015,6(5):40-45.
[13]NAKIBLY G,MENAHEM E.OSPF vulnerability to persistent poisoning attacks:a systematic analysis[C]//Proceedings of the 30th annual computer security applications conference.New Orleans,Louisiana,USA:ACM,2014:336-345.
[14]钟廷龙,李鑫,郭云飞.OSPF路由协议安全性分析[J].微计算机信息,2005,24:15-17.
[15]MOY J.OSPF version 2[S].[s.l.]:IETF,1998.
[16]NAKIBLY G,KIRSHON A,GONIKMAN D,et al.Persistent OSPF attacks[C]//Proceedings of the 19th annual netw ork and distributed system security symposium.[s.l.]:[s.n.],2012.