Penetration Testing mailing list archives
Re: [PEN-TEST] Vulnerabilities within MPLS ??
From: Joe Hacker <hacker () ONLINE NO>
Date: Thu, 4 Jan 2001 16:11:45 -0000
I have organized several questions to better understand the subject: Are there any big holes that could lead to a security compromise? What is the difference between MPLS and MPLS VPN? I realize that plain MPLS does not provide confidentiality, integrity, and authentication by itself unless it is used along with IPSec. How is the route negotiated between the PE's (provider edge routers)? Can the route negotiation be compromised in any manner? What happens with traffic if one of the PE routers goes offline?
As I understand MPLS VPN (vs MPLS), the MPLS VPN networks are not visible to the global routing table. (Someone stop me if I am talking out of my ass.) Basically, packets coming from (outside) into routers which carry the MPLS VPN have no way of entering it and vice versa. MPLS VPN customers who wish to access the Internet, say, can only do so by having a separate leg (dialup, leased line, etc.) from one of their locations to their (or another) ISP.

Traffic from one VPN cannot move into another VPN (or outside it) unless there is a flaw in the implementation, or someone busts into the PE (Provider Edge) equipment. Since the customer equipment is connected directly to this equipment, it is important that the PE is protected against spoofing attacks. On Cisco's, this could be implemented by using ip verify unicast reverse-path on customer interfaces, for example.

Not sure if this answered any of your questions.

-j0e
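An added example, not part of the original post: a small audit of a PE configuration that lists customer-facing interfaces missing the ip verify unicast reverse-path command mentioned above. It assumes customer interfaces are the ones carrying an "ip vrf forwarding <name>" line; the sample configuration, interface names and VRF names are constructed.

```python
# Constructed sample PE configuration (IOS-style), not taken from the post.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface Serial0/0
 ip vrf forwarding CUST_A
 ip address 192.168.1.1 255.255.255.252
 ip verify unicast reverse-path
!
interface Serial0/1
 ip vrf forwarding CUST_B
 ip address 192.168.2.1 255.255.255.252
 no ip verify unicast reverse-path
!
interface Serial0/2
 ip vrf forwarding CUST_B
 shutdown
!
"""

URPF = "ip verify unicast reverse-path"
VRF_PREFIX = "ip vrf forwarding "  # assumption: this marks a customer interface


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a top-level command closes the block
    return interfaces


def customer_interfaces_without_urpf(config):
    """List (interface, vrf) pairs that are VRF-attached, enabled, and lack uRPF."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        vrf = next((c[len(VRF_PREFIX):] for c in cmds if c.startswith(VRF_PREFIX)), None)
        if vrf is None or "shutdown" in cmds:
            continue  # not customer-facing, or administratively down
        if URPF not in cmds:  # exact match, so the negated "no ..." form does not count
            findings.append((name, vrf))
    return findings
```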
Current thread:
- [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 03)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Joe Hacker (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Sheldon Dubrowin (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Simon Jenner (Jan 05)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Dave Piscitello (Jan 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? St. Clair, James (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 04)