Full Disclosure mailing list archives
Re: MPLS Security
From: Enno Rey <erey () ernw de>
Date: Fri, 28 Nov 2003 10:51:02 +0000
Hi, On Fri, Nov 28, 2003 at 09:57:31AM +0100, Magnus Eriksson wrote:
IndianZ wrote:After deep-searching Google and other search engines I only found 2 articles about MPLS Security (SANS and CISCO). Is that really all (or is this kind of information closed to the public)? Does anybody know more about MPLS Vulnerabilities and what to/how to pentest in a MPLS architecture? Any input about tools, hints and tricks is welcome...I haven't heard of any vuln. specifically for MPLS.
some months ago I put up an MPLS risk analysis table during a project. I can't publish it yet (as there are sensitive customer data in it) but will do so in the near future (anonymized). These are the URLs I used in the reference; by them you should be able get a rough overview of the 'security aspects' of MPLS. thanks, -- Enno Rey ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902 www.ernw.de - PGP E5CB 9505 EA06 6380 6F12 DE3E 624E 1334 326B B70C ---------- [1] NSA Guide: http://nsa1.conxion.com/cisco/guides/cis-2.pdf [2]: Secure IOS Template: http://www.cymru.com/Documents/secure-ios-template.html [3]: Cisco Dokument ?Improving Security on Cisco Routers?: http://www.cisco.com/warp/public/707/21.html [4]: Cisco Dokument ?Security of the MPLS Architecture?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/mxinf-ds.pdf [5] Juniper Dokument ?JUNOS Router Security?: http://www.juniper.net/solutions/literature/app_note/350013.pdf [6] BT Dokument ?Carrier requirements of core IP routers 2002?: http://www.btexact.com/docimages/42267/42267.pdf [7] Cisco Networkers Session SEC-370 (2001) ?Understanding MPLS/VPN Security Issues?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/SEC-370-mpls-security.pdf [8] Cisco Dokument ?LS MPLS/VPN Security Considerations?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/MPLS-Sec-V1.pdf [9] MPLS LDP Inbound Label Binding Filtering: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801b23a2.html [10] VRF maximum routes: http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b1f.html [11] Cisco Dokument ?Key Management von Routing-Protokollen?: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#1001635 [12] Cisco Dokument ?BGP maximum-prefix?: http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a008010a28a.shtml [13] Cisco ISP Essentials: www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip [14] http://www.netw3.com/documents/Protecting_Network_Infrastructure.htm [15] http://www.blackhat.com/presentations/bh-europe-01/fischbach/bh-europe-01-fischbach.ppt _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MPLS Security IndianZ (Nov 27)
- Re: MPLS Security Magnus Eriksson (Nov 28)
- Re: MPLS Security Enno Rey (Nov 28)
- Re: MPLS Security Paulo Pereira (Nov 28)
- Re: MPLS Security Enno Rey (Nov 28)
- Re: MPLS Security Nicob (Nov 28)
- Re: MPLS Security Magnus Eriksson (Nov 28)