Owning the Routing Table –

Open Shortest Path First (OSPF) is the most popular interior gateway routing protocol on the Internet. Most of the known OSPF attacks are based on falsifying the link state advertisement (LSA) of an attacker-controlled router. These attacks may create serious damage if the attacker-controlled router is strategically located. However, these attacks can only falsify a small portion of the routing domain's topology; hence their effect is usually limited. More powerful attacks are the ones that affect LSAs of other routers not controlled by the attacker. However, these attacks usually trigger the ``fight-back" mechanism by the victim router which advertises a correcting LSA, making the attacks' effect non-persistent. In this work we present new attacks that exploit design vulnerabilities in the protocol specification. These new attacks can affect the LSAs of routers not controlled by the attacker while evading ``fight-back". These attacks afford an attacker a greater power to persistently falsify large portions of the routing domain's topology. This allows an attacker to effectively own the routing tables of the routers in the AS without actually owning the routers themselves. This may be utilized to induce routing loops, network cuts or longer routes in order to facilitate DoS of the routing domain or to gain access to information flows which otherwise the attacker had no access to. The main implication of this work is the new recognition that by controlling a single router the attacker can control the entire routing domain.