Periodic Injection

When a legitimate owner receives a malicious copy of one of its own LSAs:

SINCE
  the malicious LSA has a higher sequence number,
  a copy of the LSA is already present in the LinkStateDB, and
  this copy was not received by flooding but installed by the router itself
THEN flood the malicious LSA
AND AFTER check ownership
THEN TRY to update the malicious LSA [RFC 2328, 13, p.143-6]

Why try? Because a router cannot inject two instances of the same LSA faster than MinLSInterval (5 seconds), BUT it will immediately flood any LSA it receives. [RFC 2328, 12.4, p.125]

If the attacker is injecting malicious LSAs at a rate higher than one per MinLSInterval, the legitimate owner will not only NOT fight back but will ALSO collaborate in the flooding.
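Added example, not from the original slide: a simplified Python model of the rule above, run over a constructed event list, that shows which forged copies the owner only floods and flags LSAs that re-arrive faster than MinLSInterval. The event format, the LSA keys, `classify` and `suspicious_keys` are assumptions, as is the simplification that an update is attempted only at arrival time and never queued.

```python
from collections import defaultdict

MIN_LS_INTERVAL = 5.0  # seconds, MinLSInterval from RFC 2328

# Constructed sample: (arrival time in s, LSA key, LS sequence number) for LSAs
# received by flooding that name this router as Advertising Router.
SAMPLE_EVENTS = [
    (10.0, "router-lsa/10.0.0.1", 0x80000011),
    (12.0, "router-lsa/10.0.0.1", 0x80000013),
    (14.0, "router-lsa/10.0.0.1", 0x80000015),
    (16.0, "router-lsa/10.0.0.1", 0x80000017),
    (18.0, "router-lsa/10.0.0.1", 0x80000019),
    (40.0, "network-lsa/10.0.1.1", 0x80000003),
]
# Constructed owner state: key -> (installed sequence number, last own origination time).
SAMPLE_OWN_STATE = {
    "router-lsa/10.0.0.1": (0x80000010, 9.0),
    "network-lsa/10.0.1.1": (0x80000002, 0.0),
}

def classify(events, own_state):
    """Return [(time, key, action)] for each received self-originated copy.
    Assumption: an update is attempted only on arrival and is not queued."""
    state = dict(own_state)
    out = []
    for t, key, seq in sorted(events):
        installed, last_orig = state[key]
        if seq <= installed:
            out.append((t, key, "ignore-not-newer"))
        elif t - last_orig >= MIN_LS_INTERVAL:
            # Flood, then originate a new instance above the forged sequence number.
            state[key] = (seq + 1, t)
            out.append((t, key, "flood+update"))
        else:
            # MinLSInterval blocks a new origination; the forged copy is still flooded.
            state[key] = (seq, last_orig)
            out.append((t, key, "flood-only"))
    return out

def suspicious_keys(events, min_hits=2):
    """Flag LSA keys whose self-originated copies arrive faster than MinLSInterval."""
    last_seen, hits = {}, defaultdict(int)
    for t, key, _seq in sorted(events):
        if key in last_seen and t - last_seen[key] < MIN_LS_INTERVAL:
            hits[key] += 1
        last_seen[key] = t
    return sorted(k for k, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for row in classify(SAMPLE_EVENTS, SAMPLE_OWN_STATE):
        print(row)
    print("suspicious:", suspicious_keys(SAMPLE_EVENTS))
```

A run of `flood-only` rows for the same key is the signal to alert on: the owner is relaying copies of its own LSA that it did not originate.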