Modification to VPN labels in MPLS is interesting; however, it assumes that providers have exposed their core network to customers. Traffic can be injected into different MPLS VPNs by modifying VPN labels, but this is not a trivial attack scenario. For one thing, it would mean the attacker has a view of existing traffic, an understanding of which VPNs are using specific labels, and a path that is inline to modify/inject traffic. By this same token, attacks on route target membership associations to vpnv4 prefixes would also be a valid attack method. It's all feasible, but it's not trivial.

Truman

On 10/04/2009, at 4:28 AM, Christian Koch wrote:
They presented on the same topic at shmoocon, not sure if the info is any more updated for BH EUROPE, but here is the pres they did in Feb09
http://www.shmoocon.org/slides/rey_mende_all_your_packets_v05.pdf
On Thu, Apr 9, 2009 at 10:15 AM, Hector Herrera <hectorherrera@gmail.com> wrote:
On Thu, Apr 9, 2009 at 9:56 AM, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
I'll wait to read their full presentation, but according to the article it appears to me that if they have gained access to a Network Management station or a Router, the entire network has been compromised, not just MPLS.
--
Hector Herrera
President
Pier Programming Services Ltd.