Message-ID: <3FC70DFB.8030209@eriksson.mu>
From: magnus at eriksson.mu (Magnus Eriksson)
Subject: MPLS Security
IndianZ wrote:
> After deep-searching Google and other search engines I only found 2
> articles about MPLS Security (SANS and CISCO). Is that really all (or is
> this kind of information closed to the public)?
>
> Does anybody know more about MPLS Vulnerabilities and what to/how to
> pentest in a MPLS architecture? Any input about tools, hints and tricks is
> welcome...
I haven't heard of any vuln. specifically for MPLS.

I think your best shot is attacking the PE routers. If you have access
to the media which MPLS packets traverse, sniffing traffic is a breeze
with any decent sniffer.

Breaking out of a MPLS VPN which is configured properly is most likely
almost impossible without access to PE routers.

Standard tools to audit Cisco/other vendors' routers can be used.
Especially Cisco is more likely to have management access open on
customer interfaces, since Cisco ACLs are a pain in the ass to apply and
maintain. Junipers are a lot easier (all router access is forwarded to
loopback and only loopback filters will need to be filtered). Ciscos
have this feature on later IOS and high-end boxes, but many SPs have yet
to deploy them.

Magnus