The Internet consists of a large number of interconnected heterogeneous ASs (Autonomous Systems), each owned and administered by an autonomous organization. Traffic in each AS is forwarded by routers that maintain a coherent picture of the network topology using an intra-AS routing protocol. The most popular intra-AS routing protocols are link-state protocols, such as OSPF and IS-IS.

In this work we propose and analyze a new attack, referred to as a "partition attack,” in which a compromised router sends different LSAs to different neighbors. This enables a single compromised router to prevent the other routers from building a correct and consistent picture of the network topology. The attack cannot be prevented even if LSAs are encrypted and digitally signed with current schemes.