After deep-searching Google and other search engines I only found 2 articles about MPLS Security (SANS and CISCO). Is that really all (or is this kind of information closed to the public)? I haven't heard of any vuln. specifically for MPLS.
Does anybody know more about MPLS Vulnerabilities and what to/how to pentest in an MPLS architecture? Any input about tools, hints and tricks is welcome...
I think your best shot is attacking the PE routers. If you have access to the media which MPLS packets traverse, sniffing traffic is a breeze with any decent sniffer.
Breaking out of an MPLS VPN which is configured properly is most likely almost impossible without access to PE routers.
Standard tools to audit Cisco/other vendors routers can be used.
Especially Cisco is more likely to have management access open on customer interfaces, since Cisco ACLs are a pain in the ass to apply and maintain. Junipers are a lot easier (all router access is forwarded to loopback and only loopback filters will need to be filtered). Ciscos have this feature on later IOS and high-end boxes, but many SPs have yet to deploy them.
Magnus
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
