This attack exploits the rule in RFC 2328 for deciding whether two instances of an LSA are identical, which relies on three criteria: the sequence number, the checksum value, and the age. An attacker can therefore advertise a fake LSA whose three fields match those of the next valid instance; when that valid instance arrives, the router considers it a duplicate and ignores it.
To perform a disguised LSA attack, follow these steps:
- The attacker sends a spoofed LSA.
- The attacker sends a disguised LSA with the same three fields discussed before.
- Router 1 sends a fight-back LSA, which router 2 receives, but router 2 does not update its LSA database because it treats the received LSA as the same instance.
- Router 2 triggers another fight-back.
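
The comparison that router 2 applies in the third step, and a check a monitoring tool could run on top of it, are sketched below as an added example (not code from the original page). It follows the instance-comparison rules of RFC 2328 section 13.1; the `Lsa` class, the `is_disguised` helper and all sample values are hypothetical and constructed for illustration, and the checksums are not real Fletcher checksums of the sample bodies.

```python
from dataclasses import dataclass

MAX_AGE = 3600       # RFC 2328 MaxAge, in seconds
MAX_AGE_DIFF = 900   # RFC 2328 MaxAgeDiff, in seconds


@dataclass(frozen=True)
class Lsa:
    seq: int        # LS sequence number, as a signed integer
    checksum: int   # LS checksum, unsigned 16-bit
    age: int        # LS age, in seconds
    body: bytes     # LSA contents after the header


def compare_instances(a: Lsa, b: Lsa) -> int:
    """RFC 2328 section 13.1: 1 if a is newer, -1 if b is newer, 0 if identical."""
    if a.seq != b.seq:
        return 1 if a.seq > b.seq else -1
    if a.checksum != b.checksum:
        return 1 if a.checksum > b.checksum else -1
    if (a.age == MAX_AGE) != (b.age == MAX_AGE):
        return 1 if a.age == MAX_AGE else -1
    if abs(a.age - b.age) > MAX_AGE_DIFF:
        return 1 if a.age < b.age else -1
    return 0  # the body is never consulted, which is what the attack relies on


def is_disguised(installed: Lsa, received: Lsa) -> bool:
    """Flag an LSA that the RFC treats as a duplicate although its contents differ."""
    return compare_instances(installed, received) == 0 and installed.body != received.body


# Constructed sample: the instance held in router 2's database and the
# fight-back LSA from router 1 that arrives afterwards.
INSTALLED = Lsa(seq=42, checksum=0x3A7C, age=2, body=b"links: constructed-set-A")
FIGHT_BACK = Lsa(seq=42, checksum=0x3A7C, age=1, body=b"links: constructed-set-B")

if __name__ == "__main__":
    print("RFC comparison result:", compare_instances(INSTALLED, FIGHT_BACK))
    print("flagged as disguised:", is_disguised(INSTALLED, FIGHT_BACK))
```

A genuine retransmission of the same instance has identical contents, so it is not flagged; only the combination of matching header fields and a differing body is.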