A Routing Protocols Fuzzing Method based on MAN-IN-THE-MIDDLE

Fuzzing or fuzz testing has made great progress in recent years, resulting in many tools and frameworks. Unlike simple command-line programs, fuzzing of stateful network protocols is difficult because of the need of constructing a state model. Among them, routing protocols have more complex state models, making the fuzzing more complicated. Existing fuzzers mostly focus on simple network protocols such as File Transfer Protocol. However, the vulnerability of routing protocols would cause greater damage, hence, finding an effective fuzzing method for routing protocols is of great importance. In this paper, we propose a man-in-the-middle-based fuzzing method for routing protocols. The method connects a host between routers as a middleman and uses the data interacted between routers as seeds to generate test cases for fuzzing. The method is based on the observation that routing protocols can automatically transfer between related states without guidance, using the protocol data interacted between routers to perform fuzzing can cover the protocol state. The method does not require any settings of the target before testing and can be applied in a realistic routing environment. We applied the method to the OSPF routing protocol of real Cisco IOS images and found three vulnerabilities, verifying the effectiveness of the method.