Full Disclosure mailing list archives
Re: MPLS Security
From: Magnus Eriksson <magnus () eriksson mu>
Date: Fri, 28 Nov 2003 09:57:31 +0100
IndianZ wrote:
After deep-searching Google and other search engines I only found 2 articles about MPLS Security (SANS and CISCO). Is that really all (or is this kind of information closed to the public)? Does anybody know more about MPLS Vulnerabilities and what to/how to pentest in an MPLS architecture? Any input about tools, hints and tricks is welcome...
I haven't heard of any vuln. specifically for MPLS. I think your best shot is attacking the PE routers. If you have access to the media which MPLS packets traverse, sniffing traffic is a breeze with any decent sniffer.
Breaking out of an MPLS VPN which is configured properly is most likely almost impossible without access to PE routers.
Standard tools to audit Cisco/other vendors' routers can be used. Especially Cisco is more likely to have management access open on customer interfaces, since Cisco ACLs are a pain in the ass to apply and maintain. Junipers are a lot easier (all router access is forwarded to loopback and only loopback filters will need to be filtered). Ciscos have this feature on later IOS and high-end boxes, but many SPs have yet to deploy them.
Magnus
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
