Hi,

On Fri, Nov 28, 2003 at 09:57:31AM +0100, Magnus Eriksson wrote:
> IndianZ wrote:
>
> >After deep-searching Google and other search engines I only found 2
> >articles about MPLS Security (SANS and CISCO). Is that really all (or is
> >this kind of information closed to the public)?
> >
> >Does anybody know more about MPLS Vulnerabilities and what to/how to
> >pentest in a MPLS architecture? Any input about tools, hints and tricks is
> >welcome...
>
> I haven't heard of any vuln. specifically for MPLS.

some months ago I put up an MPLS risk analysis table during a project. I can't publish it yet (as there are sensitive customer data in it) but will do so in the near future (anonymized).
These are the URLs I used in the reference; by them you should be able to get a rough overview of the 'security aspects' of MPLS.

thanks,

--
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP E5CB 9505 EA06 6380 6F12 DE3E 624E 1334 326B B70C

----------

[1] NSA Guide: http://nsa1.conxion.com/cisco/guides/cis-2.pdf
[2] Secure IOS Template: http://www.cymru.com/Documents/secure-ios-template.html
[3] Cisco document "Improving Security on Cisco Routers": http://www.cisco.com/warp/public/707/21.html
[4] Cisco document "Security of the MPLS Architecture": ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/mxinf-ds.pdf
[5] Juniper document "JUNOS Router Security": http://www.juniper.net/solutions/literature/app_note/350013.pdf
[6] BT document "Carrier requirements of core IP routers 2002": http://www.btexact.com/docimages/42267/42267.pdf
[7] Cisco Networkers Session SEC-370 (2001) "Understanding MPLS/VPN Security Issues": ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/SEC-370-mpls-security.pdf
[8] Cisco document "LS MPLS/VPN Security Considerations": ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/MPLS-Sec-V1.pdf
[9] MPLS LDP Inbound Label Binding Filtering: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801b23a2.html
[10] VRF maximum routes: http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b1f.html
[11] Cisco document "Key Management of Routing Protocols": http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#1001635
[12] Cisco document "BGP maximum-prefix": http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a008010a28a.shtml
[13] Cisco ISP Essentials: www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
[14] http://www.netw3.com/documents/Protecting_Network_Infrastructure.htm
[15] http://www.blackhat.com/presentations/bh-europe-01/fischbach/bh-europe-01-fischbach.ppt
