lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: magnus at (Magnus Eriksson)
Subject: MPLS Security

IndianZ wrote:

> After deep-searching Google and other search engines I only found 2 
> articles about MPLS Security (SANS and CISCO). Is that really all (or is 
> this kind of information closed to the public)?
> Does anybody know more about MPLS Vulnerabilities and what to/how to 
> pentest in a MPLS architecture? Any input about tools, hints and tricks is
> welcome...
I haven't heard of any vuln. specifically for MPLS.

I think your best shot is attacking the PE routers. If you have access 
to the media which MPLS packet traverses, sniffing traffic is a breeze 
with any descent sniffer.

Breaking out of a MPLS VPN which is configured properly is most likely 
almost impossibe without access to PE routers.

Standard tools to audit Cisco/other vendors routers can be used.

Especially Cisco is more likely to have management access open on 
customer interfaces, since Cisco ACLs are a pain in the ass to apply and 
maintain. Junipers are alot easier (all router access is forwarded to 
loopback and only loopback filters will need to be filtered). Ciscos 
have this feature on later IOS and high-end boxes, but many SP have yet 
to deploy them.


Powered by blists - more mailing lists