Penetration Testing mailing list archives

Re: [PEN-TEST] Vulnerabilities within MPLS ??


From: Sheldon Dubrowin <dubrowin () YAHOO COM>
Date: Thu, 4 Jan 2001 13:27:13 -0500

My understanding of QoS, I did QoS at BBN in a previous life, is that it only
works within a provider's network.  MPLS is a form of QoS (Quality of
Service).  MPLS will give preference up to a certain point (configured in the
network) to packets with a "better" tag.  Once a packet reaches the edge it
is no longer guaranteed better performance.  One of the issues in putting QoS
into a large network is the fact that either you have to tag all the packets
at the edge or you may end up giving preferential treatment to someone who
isn't paying for it.

Adding a VPN is just having VPN traffic (all/some? probably depends on the
provider) being given preferential treatment, or getting out of the routers more
quickly than "regular" traffic.

        Shel

On Wed, Jan 03, 2001 at 04:42:50PM -0500, Ruscher, Mike wrote:
I am searching for information on vulnerabilities in the Multi-protocol
Label Switching (MPLS) protocol.  I have been unable to gather information
by searching on the common search engines, as the majority of the hits are
related to the RFCs.

I have organized several questions to better understand the subject: Are
there any big holes that could lead to a security compromise?  What is the
difference between MPLS and MPLS VPN?  I realize that plain MPLS does not
provide confidentiality, integrity, and authentication by itself unless it
is used along with IPSec.  How is the route negotiated between the PEs
(provider edge routers)?  Can the route negotiation be compromised in any
manner?  What happens with traffic if one of the PE routers goes offline?

I realize that these are difficult questions and the answers are likely to
be lengthy. Any information will be greatly appreciated.

Thanks

Mike Ruscher
Communications Security Establishment
mgruscher () cse-cst gc ca





--
-----------------------------------------------------------------------
  ,-~~-.___.    ._.
 / |  '     \   | |"""""""""|           Sheldon M. Dubrowin
(  )         0  | |         |
 \_/-, ,----'   | |         |           
    ====        !_!--v---v--"
    /  \-'~;      |""""""""|            dubrowin () yahoo com
   /  __/~| ._-""||        |            www.shelnet.org
 =(  _____|_|____||________|
-----------------------------------------------------------------------

