The holy grail of routing attacks is owning the routing table of a router. In this work we present a powerful OSPF attack that exploit a newly discovered ambiguity of the OSPF protocol -- the most popular routing protocol inside autonomous systems (AS). The attack allows an attacker who gained control over just a single router in an AS to control the routing tables of all other routers in that AS. The attack may be utilized to induce black holes, network cuts or longer routes in order to facilitate DoS of the routing domain or to gain access to information flows which otherwise the attacker had no access to. The attack can also be used to easily DoS a victim router using a single packet. A multi-vendor effort is now under way to fix this vulnerability which currently inflict many of today's OSPF routers. This work is a sequel to the work "Owning the Routing Table" we presented at Black Hat USA 2011.
This is a joint work with Eitan Menahem, Yuval Elovici and Ariel Waizel of Telekom Innovation Laboratories at Ben Gurion University.