Penetration Testing mailing list archives
Re: [PEN-TEST] Vulnerabilities within MPLS ??
From: "Ruscher, Mike" <Mike.Ruscher () CSE-CST GC CA>
Date: Thu, 4 Jan 2001 14:26:46 -0500
I had previously checked the MPLS documentation at the vendor sites, but as expected, they rarely discuss vulnerabilities in a public forum. Each vendor will have their own implementation of MPLS with varying architectures and it will be difficult to speak in general terms on MPLS issues.

Thanks to the informed people who have replied so quickly to my post. I am pursuing the suggestions and once I collect some valuable information, I will share it with you.

Mike Ruscher
Communications Security Establishment
mgruscher () cse-cst gc ca
-----Original Message-----
From: Sheldon Dubrowin [mailto:dubrowin () YAHOO COM]
Sent: Thursday, January 04, 2001 1:27 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Vulnerabilities within MPLS ??

My understanding of QoS, I did QoS at BBN in a previous life, is that it only works within a provider's network. MPLS is a form of QoS (Quality of Service). MPLS will give preference up to a certain point (configured in the network) to packets with a "better" tag. Once a packet reaches the edge it is no longer guaranteed better performance.

One of the issues in putting QoS into a large network is the fact that either you have to tag all the packets at the edge or you may end up giving preferential treatment to someone who isn't paying for it.

Adding a VPN is just having VPN traffic (all/some? probably depends on the provider) being given preferential treatment, or getting out of the routers more quickly than "regular" traffic.

Shel

On Wed, Jan 03, 2001 at 04:42:50PM -0500, Ruscher, Mike wrote:
> I am searching for information on vulnerabilities in the Multi-protocol
> Label Switching (MPLS) protocol. I have been unable to gather information
> by searching on the common search engines, as the majority of the hits are
> related to the RFCs.
>
> I have organized several questions to better understand the subject:
> Are there any big holes that could lead to a security compromise?
> What is the difference between MPLS and MPLS VPN? I realize that
> plain MPLS does not provide confidentiality, integrity, and authentication by
> itself unless it is used along with IPSec.
> How is the route negotiated between the PEs (provider edge routers)?
> Can the route negotiation be compromised in any manner?
> What happens with traffic if one of the PE routers goes offline?
>
> I realize that these are difficult questions and the answers are likely to
> be lengthy. Any information will be greatly appreciated.
>
> Thanks
> Mike Ruscher
> Communications Security Establishment
> mgruscher () cse-cst gc ca

--
Sheldon M. Dubrowin
dubrowin () yahoo com
www.shelnet.org
Current thread:
- [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 03)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Joe Hacker (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Sheldon Dubrowin (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Simon Jenner (Jan 05)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Dave Piscitello (Jan 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? St. Clair, James (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 04)