Exploiting OSPF authentication to inject malicious routing updates -- 2

I want you to prepare a screen recording of this attack along with a audio commentary in English. Exploiting OSPF authentication to inject malicious routing updates 1. Preparing a router 2. Choice of attack technique (e.g. LSA falsification) 3. Vulnerability selection (e.g. MD5 packet authentication) 4. Preparing a malicious routing update 5. Injecting the update and causing the planned effect Attacker: This definition includes: 1) any OSPF router that has been taken over 2) any malware capable of interacting with the OSPF routing domain 3) any defective or misconfigured legitimate OSPF peer. From a security perspective, this paper consolidates all possible OSPF situations into two opposing scenarios. The first scenario requires that OSPF Cryptographic Authentication or Simple Password Authentication must be present on all links in the routing domain. The second scenario occurs when Null Authentication is adopted. If one link is not protected, then the entire routing domain becomes potentially vulnerable; if an attacker is able to obtain even a single copy of any OSPF message, then the authentication provided by Simple Password is compromised and the security of the entire routing domain is compromised. The security of the entire routing domain drops immediately in the second scenario. In the first scenario using Cryptographic Authentication, there are two types of entities that can attack or pose threats: insiders and outsiders. An attacking entity is considered an insider if it is in possession of the secret key for any OSPF Cryptographic Authentication session either through: cryptanalysis, social engineering, extortion, or access to compromised/subverted routing resources. This also includes threats from malfunctioning or misconfigured OSPF routers. Vulnerabilities and attack vectors: [login to view URL] [login to view URL] Example scenario: Route spoofing: First, the attacker sets up a virtual machine a VM with the same IP address as the victim's website, and the gateway of this VM is configured to the attacker's IP. Second, the attacker uses adjacency spoofing attack to make the attacker's computer an edge router to join the whole OSPF network. Third, the attacker distributes fake LSAs to the OSPF network. All routers forward the url requests of the attacker's site in the campus network to the spoofed edge router. Finally, the attacker forwards these url requests to a virtual machine with the same IP address as the real site. Route spoofing is very dangerous for the spoofed site because the IP address of the spoofed site is the same as the IP address of the real site.