I had previously checked the MPLS documentation at the vendor sites, but as
expected, they rarely discuss vulnerabilities in a public forum. Each
vendor will have their own implementation of MPLS with varying architectures
and it will be difficult to speak in general terms on MPLS issues.

Thanks to the informed people who have replied so quickly to my post. I am
pursuing the suggestions and once I collect some valuable information, I
will share it with you.

Mike Ruscher
Communications Security Establishment
mgruscher_at_cse-cst.gc.ca

> -----Original Message-----
> From: Sheldon Dubrowin [mailto:dubrowin_at_YAHOO.COM]
> Sent: Thursday, January 04, 2001 1:27 PM
> To: PEN-TEST_at_SECURITYFOCUS.COM
> Subject: Re: [PEN-TEST] Vulnerabilities within MPLS ??
>
>
> My understanding of QoS, I did QoS at BBN in a previous life, is that it only
> works within a provider's network. MPLS is a form of QoS (Quality of
> Service). MPLS will give preference up to a certain point (configured in the
> network) to packets with a "better" tag. Once a packet reaches the edge it
> is no longer guaranteed better performance. One of the issues in putting QoS
> into a large network is the fact that either you have to tag all the packets
> at the edge or you may end up giving preferential treatment to someone who
> isn't paying for it.
>
> Adding a VPN is just having VPN traffic (all/some? probably depends on the
> provider) being given preferential treatment, or getting out of the routers more
> quickly than "regular" traffic.
>
> Shel
>
> On Wed, Jan 03, 2001 at 04:42:50PM -0500, Ruscher, Mike wrote:
> > > I am searching for information on vulnerabilities in the Multi-protocol
> > > Label Switching (MPLS) protocol. I have been unable to gather information
> > > by searching on the common search engines, as the majority of the hits are
> > > related to the RFC's.
> > >
> > > I have organized several questions to better understand the subject: Are
> > > there any big holes that could lead to a security compromise? What is the
> > > difference between MPLS and MPLS VPN? I realize that plain MPLS does not
> > > provide confidentiality, integrity, and authentication by itself unless it
> > > is used along with IPSec. How is the route negotiated between the PE's
> > > (provider edge routers)? Can the route negotiation be compromised in any
> > > manner? What happens with traffic if one of the PE routers goes offline?
> > >
> > > I realize that these are difficult questions and the answers are likely to
> > > be lengthy. Any information will be greatly appreciated.
> > >
> > > Thanks
> > >
> > Mike Ruscher
> > Communications Security Establishment
> > mgruscher_at_cse-cst.gc.ca
>
> --
> Sheldon M. Dubrowin
> dubrowin_at_yahoo.com
> www.shelnet.org
>
Received on Jan 04 2001