Re: [Full-Disclosure] MPLS Security

• Previous message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:243-01] Updated Apache and mod_ssl packages fix security vulnerabilities"
• In reply to: IndianZ: "[Full-Disclosure] MPLS Security"
• Next in thread: Enno Rey: "Re: [Full-Disclosure] MPLS Security"
• Reply: Enno Rey: "Re: [Full-Disclosure] MPLS Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: indianz@indianz.ch
Date: Fri, 28 Nov 2003 09:57:31 +0100

IndianZ wrote:

> After deep-searching Google and other search engines I only found 2
> articles about MPLS Security (SANS and CISCO). Is that really all (or is
> this kind of information closed to the public)?
>
> Does anybody know more about MPLS Vulnerabilities and what to/how to
> pentest in a MPLS architecture? Any input about tools, hints and tricks is
> welcome...
I haven't heard of any vuln. specifically for MPLS.

I think your best shot is attacking the PE routers. If you have access
to the media which MPLS packet traverses, sniffing traffic is a breeze
with any descent sniffer.

Breaking out of a MPLS VPN which is configured properly is most likely
almost impossibe without access to PE routers.

Standard tools to audit Cisco/other vendors routers can be used.

Especially Cisco is more likely to have management access open on
customer interfaces, since Cisco ACLs are a pain in the ass to apply and
maintain. Junipers are alot easier (all router access is forwarded to
loopback and only loopback filters will need to be filtered). Ciscos
have this feature on later IOS and high-end boxes, but many SP have yet
to deploy them.

Magnus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: bugzilla_at_redhat.com: "[Full-Disclosure] [RHSA-2003:243-01] Updated Apache and mod_ssl packages fix security vulnerabilities"
• In reply to: IndianZ: "[Full-Disclosure] MPLS Security"
• Next in thread: Enno Rey: "Re: [Full-Disclosure] MPLS Security"
• Reply: Enno Rey: "Re: [Full-Disclosure] MPLS Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages MPLS or not ? ... What are the reasons I should or should not move from Frame to MPLS? ... Our current frame handles critical production data only, redundant netowrk connectivity and routers at every location. ... (comp.dcom.sys.cisco) Re: BGP & EIGRP Routing Issue ... BTW I did not say to point default at the MPLS PE routers but just ... advertise default (i.e. points it to null0 on teh BGP ... More specific routes are held by CE routers that are running BGP. ... (comp.dcom.sys.cisco) Re: BGP & EIGRP Routing Issue ... Exit points meaning to the MPLS PE routers. ... The OP clearly stated that this issue was occuring on the two central ... (comp.dcom.sys.cisco) Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers ... Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers ... Protocol Label Switching (MPLS) are vulnerable to a Denial of Service ... Cisco has made free software available to address this vulnerability. ... MPLS can be enabled in different ways on a router. ... (Bugtraq) [Full-Disclosure] Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers ... Cisco Security Advisory: Crafted Packet Causes Reload on Cisco Routers ... Protocol Label Switching (MPLS) are vulnerable to a Denial of Service ... Cisco has made free software available to address this vulnerability. ... MPLS can be enabled in different ways on a router. ... (Full-Disclosure)