Re: attacks on MPLS?

[Truman Boyes <truman () suspicious org>]

Modification to VPN labels in MPLS is interesting however it assumes  
that providers have exposed their core network to customers. Traffic  
can be injected into different MPLS VPNs by modifying vpn labels but  
this is not a trivial attack scenario. For one thing, it would mean  
the attacker has a view of existing traffic, an understanding of which  
VPNs are using specific labels, and a path that is inline to modify/ 
inject traffic.

By this same token, attacks on route target membership associations to  
vpnv4 prefixes would also be a valid attack method. It's all feasible,  
but it's not trivial.

Truman


On 10/04/2009, at 4:28 AM, Christian Koch wrote:

> They presented on the same topic at shmoocon, not sure if the info  
> is any
> more updated for BH EUROPE, but here is the pres they did in Feb09
>
> http://www.shmoocon.org/slides/rey_mende_all_your_packets_v05.pdf
>
>
>
> On Thu, Apr 9, 2009 at 10:15 AM, Hector Herrera <hectorherrera () gmail com 
> >wrote:
>
> > On Thu, Apr 9, 2009 at 9:56 AM, Steven M. Bellovin <smb () cs columbia edu 
> > >
> > wrote:
> > >
> > http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220
> > >               --Steve Bellovin, http://www.cs.columbia.edu/~smb<http://www.cs.columbia.edu/%7Esmb 
> > > >
> >
> > I'll wait to read their full presentation, but according to the
> > article it appears to me that if they have gained access to a Network
> > Management station or a Router, that the entire network has been
> > compromised, not just MPLS.
> >
> > --
> > Hector Herrera
> > President
> > Pier Programming Services Ltd.