Full Disclosure mailing list archives
Re: MPLS Security
From: "Paulo Pereira" <pjp () paulo-pereira net>
Date: Fri, 28 Nov 2003 15:04:42 +0300
----- Original Message ----- From: "Enno Rey" <erey () ernw de> To: <full-disclosure () lists netsys com> Sent: Friday, November 28, 2003 13:51 Subject: Re: [Full-disclosure] MPLS Security
Hi, On Fri, Nov 28, 2003 at 09:57:31AM +0100, Magnus Eriksson wrote:IndianZ wrote:After deep-searching Google and other search engines I only found 2 articles about MPLS Security (SANS and CISCO). Is that really all (or
is
this kind of information closed to the public)? Does anybody know more about MPLS Vulnerabilities and what to/how to pentest in a MPLS architecture? Any input about tools, hints and tricks
is
welcome...I haven't heard of any vuln. specifically for MPLS.some months ago I put up an MPLS risk analysis table during a project. I can't publish it yet (as there are sensitive customer data in it) but
will do so in the near future (anonymized).
These are the URLs I used in the reference; by them you should be able get
a rough overview of the 'security aspects' of MPLS.
thanks, -- Enno Rey ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902 www.ernw.de - PGP E5CB 9505 EA06 6380 6F12 DE3E 624E 1334 326B B70C ---------- [1] NSA Guide: http://nsa1.conxion.com/cisco/guides/cis-2.pdf [2]: Secure IOS Template:
http://www.cymru.com/Documents/secure-ios-template.html
[3]: Cisco Dokument ?Improving Security on Cisco Routers?:
http://www.cisco.com/warp/public/707/21.html
[4]: Cisco Dokument ?Security of the MPLS Architecture?:
ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/mxinf-ds.pdf
[5] Juniper Dokument ?JUNOS Router Security?:
http://www.juniper.net/solutions/literature/app_note/350013.pdf
[6] BT Dokument ?Carrier requirements of core IP routers 2002?:
http://www.btexact.com/docimages/42267/42267.pdf
[7] Cisco Networkers Session SEC-370 (2001) ?Understanding MPLS/VPN
Security Issues?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/SEC-370-mpls-securit y.pdf
[8] Cisco Dokument ?LS MPLS/VPN Security Considerations?:
ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/MPLS-Sec-V1.pdf
[9] MPLS LDP Inbound Label Binding Filtering:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guid e09186a00801b23a2.html
[10] VRF maximum routes:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guid e09186a0080087b1f.html
[11] Cisco Dokument ?Key Management von Routing-Protokollen?:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr _c/ipcprt2/1cfindep.htm#1001635
[12] Cisco Dokument ?BGP maximum-prefix?:
http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_exampl e09186a008010a28a.shtml
[13] Cisco ISP Essentials:
www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
[14] http://www.netw3.com/documents/Protecting_Network_Infrastructure.htm [15]
http://www.blackhat.com/presentations/bh-europe-01/fischbach/bh-europe-01-fi schbach.ppt
Hi, There are two parts of MPLS than can be potentially vulnerable, on one side there is the forwarding plane and on the other side there is the control plane. On the forwarding plane you should be looking for things like what happens if a router receives a labeled packet in a interface configured as a CE link. Does it forward it according to the Label Information Base or it will be dropped? If it uses the LIB then you can potentially hop between VPNs. With regards to control plane, you should look at the security of LDP, BGP (for VPNs) and RSVP (for TE). Example, is LDP enabled on CE interfaces, if it is, can you establish a LDP session and inject labels? This is my idea of the kinds of things that need to be checked when accessing MPLS implementations. Paulo Pereira _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MPLS Security IndianZ (Nov 27)
- Re: MPLS Security Magnus Eriksson (Nov 28)
- Re: MPLS Security Enno Rey (Nov 28)
- Re: MPLS Security Paulo Pereira (Nov 28)
- Re: MPLS Security Enno Rey (Nov 28)
- Re: MPLS Security Nicob (Nov 28)
- Re: MPLS Security Magnus Eriksson (Nov 28)