Penetration Testing mailing list archives
Re: [PEN-TEST] Vulnerabilities within MPLS ??
From: Simon Jenner <Simon_Jenner () ins com>
Date: Fri, 5 Jan 2001 10:20:56 -0000
MPLS is not only for QoS it provides layer 2 type services in the layer 3 environment (QoS, CoS, Traffic engineered paths etc) . If using Ethernet or PoS then a label is inserted between layer 2 and layer 3 protocols, if using ATM then the label is inserted into the ATM header. The MPLS label is used to forward the packet to the next hop. MPLS was not designed as a VPN protocol, however it does support features that allow VPNs (stacks of labels). The VPNs are primarily created by the ability for the PE (Provider edge or Label Edge router (LER)) being able to run Virtual Routers. VR's allow multiple independent routing tables to be held on a single device. The security is gained by only being able to use a certain routing table. As you stated vendor implementations are different and therefore have different security strengths. I have attempted some simple penetration tests on a Cisco router running VRs with no luck in breaking it (it was a simple test though) At a guess the place to look for weaknesses would probably be BGP as this is used to carry VPN routes across the network. BGP uses some extra features such as new address families and extended communities (see RFC 2547 & RFC 2283). A spoofed injection of BGP could lead to VPN routes being populated into the wrong VRs. Simon -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Sheldon Dubrowin Sent: 04 January 2001 18:27 To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Vulnerabilities within MPLS ?? My understanding of QoS, I did QoS at BBN in a previous life, is that it only works within a provider's network. MPLS is a form of QoS (Quality of Service). MPLS will give preference up to a certain point (configured in the network) to packets with a "better" tag. Once a packet reaches the edge it is no longer gauranteed better performance. One of the issues in putting QoS into a large network is the fact that either you have to tag all the packets at the edge or you may end up giving preferential treatment to someone who isn't paying for it. Adding a VPN is just having VPN traffic (all/some? probably depends on the provider) being given preferential treat, or getting out of the routers more quickly than "regular" traffic. Shel On Wed, Jan 03, 2001 at 04:42:50PM -0500, Ruscher, Mike wrote:
I am searching for information on vulnerabilities in the Multi-protocol Label Switching (MPLS) protocol. I have been unable to gather
information
by searching on the common search engines, as the majority of the hits
are
related to the RFC's. I have organized several questions to better understand the subject: Are there any big holes that could lead to a security compromise? What is
the
difference between MPLS and MPLS VPN? I realize that plain MPLS does
not
provide confidentiality, integrity, and authentication by itself unless
it
is used along with IPSec. How is the route negotiated between the PE's (provider edge routers)? Can the route negotiation be compromised in
any
manner? What happens with traffic if one of the PE routers goes
offline?
I realize that these are difficult questions and the answers are likely
to
be lengthy. Any information will be greatly appreciated. ThanksMike Ruscher Communications Security Establishment mgruscher () cse-cst gc ca
-- ----------------------------------------------------------------------- ,-~~-.___. ._. / | ' \ | |"""""""""| Sheldon M. Dubrowin ( ) 0 | | | \_/-, ,----' | | | ==== !_!--v---v--" / \-'~; |""""""""| dubrowin () yahoo com / __/~| ._-""|| | www.shelnet.org =( _____|_|____||________| -----------------------------------------------------------------------
Current thread:
- [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 03)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Joe Hacker (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Sheldon Dubrowin (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Simon Jenner (Jan 05)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Dave Piscitello (Jan 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? St. Clair, James (Jan 04)
- Re: [PEN-TEST] Vulnerabilities within MPLS ?? Ruscher, Mike (Jan 04)