Introduction to OSPF Authentication
Routers play such a crucial role in a network that they are frequent targets of attack, and they are at as much risk as end-user systems. Routing systems can be attacked by disrupting the routing peers or by falsifying the information carried within the routing protocol. Falsified routing information causes systems to misinform each other, can cause a denial-of-service (DoS) attack, or can cause traffic to follow a path it would not normally take. False routing information can have the following results:
- Routing loops are created
- Traffic is redirected over an insecure link where it can be monitored
- Legitimate traffic is discarded
Secure Routing Updates
To exchange routing updates securely, enable OSPF authentication. OSPF authentication can be null (none), simple password authentication, or Message Digest 5 (MD5) authentication.
- Null – Null is the default for OSPF routing update exchange; no authentication is used.
- Simple password authentication – This is plaintext authentication because the password is carried in the update in plaintext, so anyone who captures the packet can read it. This is a legacy method of OSPF authentication.
- MD5 authentication – MD5 authentication provides higher security because the password is never exchanged between peers; only an MD5 hash computed with it is sent. This is the safest and recommended method of authentication. RIPv2, EIGRP, IS-IS, and BGP also support forms of MD5 authentication.
With MD5 authentication, the sending router combines the routing update message with the pre-shared secret key and calculates a signature using the MD5 algorithm. The signature is known as a hash value.
MD5 does not encrypt the message; the content therefore remains readable. The receiving router takes the packet, combines the routing message with its own copy of the pre-shared secret key, and calculates the signature using the MD5 algorithm. If the signatures match, the receiving router accepts the routing update; otherwise it discards the update. OSPFv3 does not include any authentication capabilities of its own because it relies entirely on IPsec to secure communication between neighbours.
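As an added example (not code from the original page), the following Python models the keyed-MD5 exchange described above, laid out the way RFC 2328 Appendix D specifies it: the key is appended to the packet, hashed, and replaced on the wire by the digest. The OSPF header values, the Hello body, the key, the key ID and the sequence number are all constructed placeholders.

```python
import hashlib
import hmac
import struct

OSPF_AUTYPE_MD5 = 2
KEY_ID = 1            # constructed key identifier shared by both routers
SEQ_NO = 0x00000010   # constructed cryptographic sequence number
SECRET = b"ospfkey"   # constructed pre-shared key (placeholder)

def ospf_header(body, key_id, seq_no):
    # 24-byte OSPFv2 header. With AuType 2 the checksum is 0 and the 64-bit
    # authentication field carries key ID, digest length and sequence number.
    length = 24 + len(body)
    auth = struct.pack("!HBBI", 0, key_id, 16, seq_no)
    fixed = struct.pack("!BBHIIHH", 2, 1, length, 0x0A000001, 0, 0, OSPF_AUTYPE_MD5)
    return fixed + auth + body

def md5_digest(packet, key):
    # Append the key (zero-padded to 16 bytes, as common implementations do)
    # and hash. The key itself never appears on the wire.
    return hashlib.md5(packet + key.ljust(16, b"\x00")[:16]).digest()

def sign(packet, key):
    # Sender: the digest is appended where the key was during hashing.
    return packet + md5_digest(packet, key)

def verify(frame, key, last_seq=None):
    # Receiver: split off the trailing 16-byte digest, recompute it with the
    # local copy of the key and compare in constant time. Optionally reject
    # sequence numbers older than the last one accepted from this neighbour.
    length = struct.unpack("!H", frame[2:4])[0]
    packet, received = frame[:length], frame[length:length + 16]
    if struct.unpack("!H", frame[14:16])[0] != OSPF_AUTYPE_MD5 or len(received) != 16:
        return False
    _, key_id, auth_len, seq_no = struct.unpack("!HBBI", frame[16:24])
    if auth_len != 16 or key_id != KEY_ID:
        return False
    if last_seq is not None and seq_no < last_seq:
        return False
    return hmac.compare_digest(md5_digest(packet, key), received)

def demo():
    # Constructed 8-byte Hello body; the digest covers header and body.
    frame = sign(ospf_header(b"\xff\xff\xff\x00\x00\x0a\x02\x01", KEY_ID, SEQ_NO), SECRET)
    tampered = frame[:28] + bytes([frame[28] ^ 0x01]) + frame[29:]
    return {
        "valid": verify(frame, SECRET),
        "tampered": verify(tampered, SECRET),
        "wrong_key": verify(frame, b"otherkey"),
        "replay": verify(frame, SECRET, last_seq=SEQ_NO + 1),
    }
```

Running `demo()` shows the update is accepted only when the body is intact, the peer holds the same key, and the sequence number has not gone backwards.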