[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] MPLS Security

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] MPLS Security
From: Enno Rey <erey@ernw.de>
Date: Fri, 28 Nov 2003 10:51:02 +0000

Hi,

On Fri, Nov 28, 2003 at 09:57:31AM +0100, Magnus Eriksson wrote:
> IndianZ wrote:
> 
> >After deep-searching Google and other search engines I only found 2 
> >articles about MPLS Security (SANS and CISCO). Is that really all (or is 
> >this kind of information closed to the public)?
> >
> >Does anybody know more about MPLS Vulnerabilities and what to/how to 
> >pentest in a MPLS architecture? Any input about tools, hints and tricks is
> >welcome...
> I haven't heard of any vuln. specifically for MPLS.

some months ago I put up an MPLS risk analysis table during a project.
I can't publish it yet (as there are sensitive customer data in it) but will do 
so in the near future (anonymized).
These are the URLs I used in the reference; by them you should be able get a 
rough overview of the 'security aspects' of MPLS.

thanks,

-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP E5CB 9505 EA06 6380 6F12  DE3E 624E 1334 326B B70C

 
----------
[1] NSA Guide: http://nsa1.conxion.com/cisco/guides/cis-2.pdf
[2]: Secure IOS Template: 
http://www.cymru.com/Documents/secure-ios-template.html
[3]: Cisco Dokument ?Improving Security on Cisco Routers?: 
http://www.cisco.com/warp/public/707/21.html
[4]: Cisco Dokument ?Security of the MPLS Architecture?: 
ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/mxinf-ds.pdf
[5] Juniper Dokument ?JUNOS Router Security?: 
http://www.juniper.net/solutions/literature/app_note/350013.pdf
[6] BT Dokument ?Carrier requirements of core IP routers 2002?: 
http://www.btexact.com/docimages/42267/42267.pdf 
[7] Cisco Networkers Session SEC-370 (2001) ?Understanding MPLS/VPN Security 
Issues?: 
ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/SEC-370-mpls-security.pdf
[8] Cisco Dokument ?LS MPLS/VPN Security Considerations?: 
ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/MPLS-Sec-V1.pdf
[9] MPLS LDP Inbound Label Binding Filtering: 
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801b23a2.html
[10] VRF maximum routes: 
http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b1f.html
[11] Cisco Dokument ?Key Management von Routing-Protokollen?:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#1001635
[12] Cisco Dokument ?BGP maximum-prefix?: 
http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a008010a28a.shtml
[13] Cisco ISP Essentials: 
www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
[14] http://www.netw3.com/documents/Protecting_Network_Infrastructure.htm
[15] 
http://www.blackhat.com/presentations/bh-europe-01/fischbach/bh-europe-01-fischbach.ppt
 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] MPLS Security
  - From: "Paulo Pereira" <pjp@paulo-pereira.net>

References:
- [Full-Disclosure] MPLS Security
  - From: IndianZ <indianz@indianz.ch>
- Re: [Full-Disclosure] MPLS Security
  - From: Magnus Eriksson <magnus@eriksson.mu>

Prev by Date: [Full-Disclosure] Re: Potentially new Virus
Next by Date: Re: [Full-Disclosure] Attacks based on predictable process IDs??
Previous by thread: Re: [Full-Disclosure] MPLS Security
Next by thread: Re: [Full-Disclosure] MPLS Security
Index(es):
- Date
- Thread