OSV: OSPF VULNERABILITY CHECKING TOOL

摘要

OSPF is one of a widely deployed intra-domain routing protocol in enterprise network operation around the world. As the protocol itself was introduced about two decades ago, it contains many known attacks which some of them can be patched by a newer version of the router firmware. Nevertheless, a reckless or a poor practice of network operator could jeopardize the system by forgetting to enable the OSPF authentication or use a password that can be easily guessed. Moreover, a lot of routers that still in operating out there are running with the out-of-date firmware, which surely contains security holes. Attacks on routing protocol could lead to severe damage to the network. In this paper, we introduce OSV as a tool to detect the OSPF network vulnerability by checking password strength and performing ten penetration testing against the target OSPF network. OSV also generates a report to inform any vulnerability found to help the network operator detect their security issues. We confirm the validation and the performance of OSV tool by testing it with Quagga and Cisco routers.