Penetration Testing mailing list archives

Re: [PEN-TEST] Vulnerabilities within MPLS ??

From: Dave Piscitello <dave () CORECOM COM>
Date: Sun, 7 Jan 2001 20:49:34 -0500

Think of an MPLS VPN as the same sort of virtual network
arrangement with an Internet (IP) service provider as you
have when you run IP over ATM or Frame Relay in a virtual
network with, say, MCI/Worldcom (the service used to be
called HyperStream). Service providers use MPLS to create
tunnels across their infrastructure that provide certain
QOS assurances, just like ATM or Frame Relay PVCs provide
QOS guarantees.

With this model, and with the add'l info from the URLs
already provided, you should be able to get a good idea
about what MPLs does. Mostly, it's about traffic
engineering for IP networks--the "P" is really not
"private as in Secure..." but "private" as in "closed
community paying a premium for better than best effort
delivery"

At 04:42 PM 1/3/01 -0500, you wrote:

> I am searching for information on vulnerabilities in the Multi-protocol
> Label Switching (MPLS) protocol.  I have been unable to gather information
> by searching on the common search engines, as the majority of the hits are
> related to the RFC's.
>
> I have organized several questions to better understand the subject: Are
> there any big holes that could lead to a security compromise?  What is the
> difference between MPLS and MPLS VPN?  I realize that plain MPLS does not
> provide confidentiality, integrity, and authentication by itself unless it
> is used along with IPSec.  How is the route negotiated between the PE's
> (provider edge routers)?  Can the route negotiation be compromised in any
> manner?  What happens with traffic if one of the PE routers goes offline?
>
> I realize that these are difficult questions and the answers are likely to
> be lengthy. Any information will be greatly appreciated.
>
> Thanks
>
Mike Ruscher
Communications Security Establishment
mgruscher () cse-cst gc ca
>
>
>
>


                           David M. Piscitello
            Core Competence, Inc. (http://www.corecom.com) and
     The Internet Security Conference (http://tisc.corecom.com)
    ~~ The Internet has security problems. We have answers. ~~

3 Myrtle Bank Lane                                     dave () corecom com
Hilton Head, SC 29926                                  1.843.683-9988

PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC

Current thread:

[PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 03)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Joe Hacker (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Sheldon Dubrowin (Jan 04)
  - Re: [PEN-TEST] Vulnerabilities within MPLS ?? Simon Jenner (Jan 05)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Dave Piscitello (Jan 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? St. Clair, James (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 04)