Penetration Testing mailing list archives

Re: [PEN-TEST] Vulnerabilities within MPLS ??


From: "St. Clair, James" <JStClair () VREDENBURG COM>
Date: Thu, 4 Jan 2001 07:41:32 -0500

Mike,

Recommend you check out the MPLS forum, at (oddly enough) www.mplsforum.org.
I think that you may be examining advanced topics they have not yet
addressed, and would welcome someone asking these questions.

Telecommunications Journal (www.telecom-mag.com) has some good articles on
MPLS as it relates to VPNs, IP networks, etc. Nothing on security, though.

Hope this helps.

Jim



-----Original Message-----
From: Ruscher, Mike [mailto:Mike.Ruscher () CSE-CST GC CA]
Sent: Wednesday, January 03, 2001 4:43 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Vulnerabilities within MPLS ??


I am searching for information on vulnerabilities in the Multi-protocol
Label Switching (MPLS) protocol.  I have been unable to gather information
by searching on the common search engines, as the majority of the hits are
related to the RFCs.

I have organized several questions to better understand the subject: Are
there any big holes that could lead to a security compromise?  What is the
difference between MPLS and MPLS VPN?  I realize that plain MPLS does not
provide confidentiality, integrity, and authentication by itself unless it
is used along with IPSec.  How is the route negotiated between the PEs
(provider edge routers)?  Can the route negotiation be compromised in any
manner?  What happens with traffic if one of the PE routers goes offline?

I realize that these are difficult questions and the answers are likely to
be lengthy. Any information will be greatly appreciated.

Thanks

Mike Ruscher
Communications Security Establishment
mgruscher () cse-cst gc ca





