lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: erey at ernw.de (Enno Rey)
Subject: MPLS Security

Hi,

On Fri, Nov 28, 2003 at 09:57:31AM +0100, Magnus Eriksson wrote:
> IndianZ wrote:
> 
> >After deep-searching Google and other search engines I only found 2 
> >articles about MPLS Security (SANS and CISCO). Is that really all (or is 
> >this kind of information closed to the public)?
> >
> >Does anybody know more about MPLS Vulnerabilities and what to/how to 
> >pentest in a MPLS architecture? Any input about tools, hints and tricks is
> >welcome...
> I haven't heard of any vuln. specifically for MPLS.

some months ago I put up an MPLS risk analysis table during a project.
I can't publish it yet (as there are sensitive customer data in it) but will do so in the near future (anonymized).
These are the URLs I used in the reference; by them you should be able get a rough overview of the 'security aspects' of MPLS.

thanks,

-- 
Enno Rey

ERNW Enno Rey Netzwerke GmbH - Zaehringerstr. 46 - 69115 Heidelberg
Tel. +49 6221 480390 - Fax 6221 419008 - Mobil +49 173 6745902
www.ernw.de - PGP E5CB 9505 EA06 6380 6F12  DE3E 624E 1334 326B B70C

 
----------
[1] NSA Guide: http://nsa1.conxion.com/cisco/guides/cis-2.pdf
[2]: Secure IOS Template: http://www.cymru.com/Documents/secure-ios-template.html
[3]: Cisco Dokument ?Improving Security on Cisco Routers?: http://www.cisco.com/warp/public/707/21.html
[4]: Cisco Dokument ?Security of the MPLS Architecture?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/mxinf-ds.pdf
[5] Juniper Dokument ?JUNOS Router Security?: http://www.juniper.net/solutions/literature/app_note/350013.pdf
[6] BT Dokument ?Carrier requirements of core IP routers 2002?: http://www.btexact.com/docimages/42267/42267.pdf 
[7] Cisco Networkers Session SEC-370 (2001) ?Understanding MPLS/VPN Security Issues?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/SEC-370-mpls-security.pdf
[8] Cisco Dokument ?LS MPLS/VPN Security Considerations?: ftp://ftp-eng.cisco.com/cons/isp/security/MPLS-Security/MPLS-Sec-V1.pdf
[9] MPLS LDP Inbound Label Binding Filtering: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801b23a2.html
[10] VRF maximum routes: http://www.cisco.com/en/US/products/sw/iosswrel/ps1830/products_feature_guide09186a0080087b1f.html
[11] Cisco Dokument ?Key Management von Routing-Protokollen?:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfindep.htm#1001635
[12] Cisco Dokument ?BGP maximum-prefix?: http://www.cisco.com/en/US/tech/tk365/tk80/technologies_configuration_example09186a008010a28a.shtml
[13] Cisco ISP Essentials: www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
[14] http://www.netw3.com/documents/Protecting_Network_Infrastructure.htm
[15] http://www.blackhat.com/presentations/bh-europe-01/fischbach/bh-europe-01-fischbach.ppt 


Powered by blists - more mailing lists