Exploit #3 - Creating a Data-Traffic Loop Vulnerability: Modifying External LSA Forwarding Field [3.2.4.6] Pre-Condition: Being able to inject valid OSPF messages Weak MD5 key choice/Compromised Router No Cryptographic Authentication, etc… E-Bit Enabled on advertising peer’s Router LSA Change Forwarding Address 0.0.0.0 to a router (host) in any Stub Area Possible Impact: Data never gets to its destination because it is stuck in a loop. Outgoing External Traffic forwarded to a Stub Area router (host) will LOOP between the ABR and its next hop towards the forwarding point. [RFC 2328, 3.6] |