Hop-by-hop OSPF’s Security All OSPF peers (on the same network) share the same secret key. If the attacker compromises ONE single link it can now attack the entire domain. From the compromised link attacker can inject LSAs on behalf of every other OSPF router (even if other links use a different secret!) Security Consequences: Local Intrusion Global Impact Attacker that compromises one link/peer can possibly then attack anywhere in the entire domain Never know which is the compromised/malicious router Even if an attack/suspicious behaviour is detected, it may not be immediate to identify the malicious router |