Penetration Testing mailing list archives
Re: [PEN-TEST] Vulnerabilities within MPLS ??
From: Dave Piscitello <dave () CORECOM COM>
Date: Sun, 7 Jan 2001 20:49:34 -0500
Think of an MPLS VPN as the same sort of virtual network arrangement with an Internet (IP) service provider as you have when you run IP over ATM or Frame Relay in a virtual network with, say, MCI/Worldcom (the service used to be called HyperStream). Service providers use MPLS to create tunnels across their infrastructure that provide certain QOS assurances, just like ATM or Frame Relay PVCs provide QOS guarantees. With this model, and with the add'l info from the URLs already provided, you should be able to get a good idea about what MPLs does. Mostly, it's about traffic engineering for IP networks--the "P" is really not "private as in Secure..." but "private" as in "closed community paying a premium for better than best effort delivery" At 04:42 PM 1/3/01 -0500, you wrote:
> I am searching for information on vulnerabilities in the Multi-protocol > Label Switching (MPLS) protocol. I have been unable to gather information > by searching on the common search engines, as the majority of the hits are > related to the RFC's. > > I have organized several questions to better understand the subject: Are > there any big holes that could lead to a security compromise? What is the > difference between MPLS and MPLS VPN? I realize that plain MPLS does not > provide confidentiality, integrity, and authentication by itself unless it > is used along with IPSec. How is the route negotiated between the PE's > (provider edge routers)? Can the route negotiation be compromised in any > manner? What happens with traffic if one of the PE routers goes offline? > > I realize that these are difficult questions and the answers are likely to > be lengthy. Any information will be greatly appreciated. > > Thanks > Mike Ruscher Communications Security Establishment mgruscher () cse-cst gc ca > > > >
David M. Piscitello Core Competence, Inc. (http://www.corecom.com) and The Internet Security Conference (http://tisc.corecom.com) ~~ The Internet has security problems. We have answers. ~~ 3 Myrtle Bank Lane dave () corecom com Hilton Head, SC 29926 1.843.683-9988 PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC
Current thread:
- [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 03)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Joe Hacker (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Sheldon Dubrowin (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Simon Jenner (Jan 05)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Dave Piscitello (Jan 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? St. Clair, James (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 04)