Penetration Testing mailing list archives
Re: [PEN-TEST] Vulnerabilities within MPLS ??
From: Tom Vandepoel <tom.vandepoel () UBIZEN COM>
Date: Thu, 8 Feb 2001 13:16:22 +0100
Simon Jenner wrote:
MPLS is not only for QoS it provides layer 2 type services in the layer 3 environment (QoS, CoS, Traffic engineered paths etc) . If using Ethernet or PoS then a label is inserted between layer 2 and layer 3 protocols, if using ATM then the label is inserted into the ATM header. The MPLS label is used to forward the packet to the next hop. MPLS was not designed as a VPN protocol, however it does support features that allow VPNs (stacks of labels). The VPNs are primarily created by the ability for the PE (Provider
IMHO the term VPN is being misused by ISP's. VPN's are not only about traffic separation; this traffic is passing over a public infrastructure and needs to be protected by strong encryption/authentication. Traffic separation through MPLS will help, but I wouldn't trust my internal corporate WAN traffic on it without encapsulating it in IPsec first.
edge or Label Edge router (LER)) being able to run Virtual Routers. VR's allow multiple independent routing tables to be held on a single device. The security is gained by only being able to use a certain routing table. As you stated vendor implementations are different and therefore have different security strengths. I have attempted some simple penetration tests on a Cisco router running VRs with no luck in breaking it (it was a simple test though)
Have you tried injecting spoofed MPLS frames into the network? Obviously, this would require some coding, but it could be done. Take your IP packet, wrap around an MPLS header and try to find out if you can jump 'VPN's. You'd have to know which flow labels to slap on, but maybe they're predictable. Anyone done any research in this area? Tom. -- Tom Vandepoel Ubizen Sr. Security Engineer We Secure e-Business Phone +32 16 28 70 00 http://www.ubizen.com Fax +32 16 28 71 00 http://www.securitywatch.com
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Tom Vandepoel (Feb 10)