SlideShare a Scribd company logo

Mpls hacking security Myth

idsecconf
idsecconf

MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network - Gcsf

Technology
1 of 23
Download to read offline
MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network gcsf@nowhere
WHY?  TELCO Technology? Industry, Community, Academic?  Ask Others to also share their high quality research  Taking Indonesian Hacking Scene to The Higher Level (?)
MPLS?  MPLS is routing mechanism in high-performance network backbone  Route the data traffic from a node to the next node based on short path labels  Avoiding complex forwarding mechanism in routing table  Operate in between layer 2 and layer 3 (OSI model), taking advantage on the layer 2 switching performance and layer 3 routing scalability  MPLS Architecture is very well written on RFC 3031
MPLS Terminology?  Label Distribution Protocol (LDP)  Label Switched Path (LSP)  Label Switching Router (LSR)  Label Edge Router (LER) / MPLS Edge Node  Virtual Routing & Forwarding (VRF)  CE/PE/P Router  MORE? (We only describe terminology used in this document)
MPLS In Simple
MPLS Usage  Virtual Private Routed Network (VPRN) – L3VPN  Virtual Private LAN Service (VPLS) – L2VPN  Virtual Leased Line (VLL)  Traffic Engineering  In order to limit this presentation, we will only discuss L3VPN
MPLS In Broadband Network
Myth - MPLS Hacking & Security?  Provider Edge (PE) router  Encryption support  Traffic Sniffing  MPLS Label  Label Distribution Protocol  Border Gateway Protocol REFERENCE : ERNW.DE
PE Router • Usually to be shared among customers • Multiple CE router from multiple customers is connected to the single PE router • Still, the security relies on the trust model of provider private network • Missing configuration of PE router? (E.G: Mgmt Access) • A customer sending crafted packet to PE to deny services
Encryption Support  MPLS doesn’t provide encryption mechanism  Encryption of traffic in core telco relies on the encryption mechanism of higher OSI level  The security relies on the trust model of provider private network  There are some appliance that can be used to help the traffic encryption (Eg: SafeNet, Senetas)  IPSEC over MPLS?
Traffic Sniffing?  P/PE Router?  Remember, by default no encryption support!  Cisco Embeded Packet Capture (EPC)  Cisco “debug packet” with hiden option “dump”  Juniper “set forwarding-options packet-capture”  Port Mirroring is commonly used  Appliance is also commonly used (E.g: VSS, NetOptics)  DPI? LI?
Network Tapping DPI Device Encryption
MPLS Label • Injection of labeled traffic from customer CE router – RFC 2547, labeled traffic from non trusted sources must be discarded • Injection of labeled traffic from Internet – Again RFC 2547, labeled traffic from non trusted sources must be discarded • MPLS label rewriting in MPLS backbone – Possible, can be reproduced in the Lab, hard (impossible?) to implement in the real backbone
MPLS Label Rewrite  MPLS, as previously stated, use label to forward traffic  VRF “Black” & “Blue” in PE, store routing table virtually separated, hence overlap network between Bank “Black” & Bank “Blue” can be forwarded correctly  Bank “Black” can only communicate with Bank “Black” using VRF Black  Bank “Blue” can only communicate with Bank “Blue” using VRF Black
MPLS Label Rewrite  Someone in “Man In The Middle” position between PE1 & PE2 can rewrite the MPLS Label  Whoever they are, they can redirect traffic so Bank “Black” can communicate with Bank “Blue”  Bank “Black” has overlap network with Bank “Blue”  Hence, VRF “Black” and “Blue” has same routing entry  Attacker change label for traffic PE1 to PE2 with 21 & PE2 to PE1 with 15 (see table)  PE2 only know that traffic from PE1 with label 21 is for Bank “Blue”  PE1 only know that traffic from PE2 with label 15 is for Bank “Black”  Bank “Black” can communicate with Bank “Blue”  Reproduce in lab, hard (impossible?) in real MPLS network
Label Distribution Protocol • Protocol used by MPLS routers to exchange label mapping information • UDP 646 for Hello, TCP 646 for establishing LDP Session • Two MPLS routers that established LDP session called LDP Peers • Exchange of information (advertisement) is bi-directional between LDP Peers • Very well documented on RFC 5036 LDP Session Establishment (SRC: Wikipedia)  Discovery Message  Session Message  Advertisement Message  Notification Message
LDP Message Injection • LDP is used to maintain LSP databases that are used to forward traffic through MPLS Network • How if someone can inject label mapping message to LSR? • Attacker needs access to the MPLS backbone so he can: 1. Announce & maintain the presence of LSR (Hello/Discovery Message) 2. Establish & maintain LDP session (Session Message) 3. Send advertisement with label mapping message & change label database to redirect the traffic  • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
Border Gateway Protocol • MP-BGP, in MPLS network, usually runs between PE router • It is used to route network which their routing table is in VRF • Attacker needs access to MPLS backbone either for: – Intercept & tamper initial MP-BGP exchange OR – Withdraw routes & insert new one (BGP Update with spoofed NLRI) • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
AN EXAMPLE PROVIDED BY LOKI PROJECT/ERNW.DE  MPLS (We Only Use This For The Document) ◦ LDP, MPLS Label Rewrite  ROUTING ◦ RIP, OSPF, EIGRP, BGP  HOT-STANDBY ◦ HSRP, HSRPv2, BFD, VRRP, VRRPv3  ARP  Spoofing, MAC Flooding  ICMPv6  DOT1Q  TCP-MD5
DEMO
DEMO TOPOLOGY
DISCUSSION?! Q & A
THANK YOU 

Recommended

Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Ctf del upload
Ctf del uploadCtf del upload
Ctf del uploadSetia Juli Irzal Ismail
 
CCNA Certificate
CCNA CertificateCCNA Certificate
CCNA Certificatem_mun17
 
List of usernames and passwords for Huawei routers
List of usernames and passwords for Huawei routersList of usernames and passwords for Huawei routers
List of usernames and passwords for Huawei routersHuanetwork
 
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원탑크리에듀(구로디지털단지역3번출구 2분거리)
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configurationTola LENG
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaidsecconf
 
Présentation rattrapage module Forensic
Présentation rattrapage module ForensicPrésentation rattrapage module Forensic
Présentation rattrapage module ForensicESD Cybersecurity Academy
 

Recommended

Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Ctf del upload
Ctf del uploadCtf del upload
Ctf del uploadSetia Juli Irzal Ismail
 
CCNA Certificate
CCNA CertificateCCNA Certificate
CCNA Certificatem_mun17
 
List of usernames and passwords for Huawei routers
List of usernames and passwords for Huawei routersList of usernames and passwords for Huawei routers
List of usernames and passwords for Huawei routersHuanetwork
 
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원
(C#,네트워크강좌)간단한 TCP 클라이언트/서버 구현, 멀티쓰레드 기반 에코우 클라이언트/서버_C추천#/WPF/자마린실무교육학원탑크리에듀(구로디지털단지역3번출구 2분거리)
 
Mikrotik basic configuration
Mikrotik basic configurationMikrotik basic configuration
Mikrotik basic configurationTola LENG
 
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaHacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabella
Hacking oximeter untuk membantu pasien covid19 di indonesia - Ryan fabellaidsecconf
 
Présentation rattrapage module Forensic
Présentation rattrapage module ForensicPrésentation rattrapage module Forensic
Présentation rattrapage module ForensicESD Cybersecurity Academy
 
ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active DirectoryWill Schroeder
 
What is bridge mode
What is bridge modeWhat is bridge mode
What is bridge modeLisaRay43
 
Hacking ble smartwatch
Hacking ble smartwatch Hacking ble smartwatch
Hacking ble smartwatch idsecconf
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesFrans Rosén
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Mesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet TracerMesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet TracerMD. Naimur Rahman
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low levelhackstuff
 
Workshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxWorkshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxFIDO Alliance
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemplesCAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemplesClément OUDOT
 
Tor project
Tor projectTor project
Tor projectAayush Varshney
 
quotation of network
quotation of networkquotation of network
quotation of networkMohammed Osman
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security BoundaryWill Schroeder
 
Slide rattrapage ESD Module Forensic
Slide rattrapage ESD Module ForensicSlide rattrapage ESD Module Forensic
Slide rattrapage ESD Module ForensicESD Cybersecurity Academy
 
Welcome and FIDO Update.pptx
Welcome and FIDO Update.pptxWelcome and FIDO Update.pptx
Welcome and FIDO Update.pptxFIDO Alliance
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 
MPLS
MPLSMPLS
MPLSMd Khaleduzzaman
 
MPLS-jpl.ppt
MPLS-jpl.pptMPLS-jpl.ppt
MPLS-jpl.pptdemon667714
 

More Related Content

What's hot

ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active DirectoryWill Schroeder
 
What is bridge mode
What is bridge modeWhat is bridge mode
What is bridge modeLisaRay43
 
Hacking ble smartwatch
Hacking ble smartwatch Hacking ble smartwatch
Hacking ble smartwatch idsecconf
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesFrans Rosén
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdumpLev Walkin
 
Mesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet TracerMesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet TracerMD. Naimur Rahman
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low levelhackstuff
 
Workshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxWorkshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxFIDO Alliance
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Fatih Ozavci
 
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemplesCAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemplesClément OUDOT
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedWill Schroeder
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security BoundaryWill Schroeder
 
Welcome and FIDO Update.pptx
Welcome and FIDO Update.pptxWelcome and FIDO Update.pptx
Welcome and FIDO Update.pptxFIDO Alliance
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Zigoo0
 

What's hot (20)

ReCertifying Active Directory
ReCertifying Active DirectoryReCertifying Active Directory
ReCertifying Active Directory
 
What is bridge mode
What is bridge modeWhat is bridge mode
What is bridge mode
 
Hacking ble smartwatch
Hacking ble smartwatch Hacking ble smartwatch
Hacking ble smartwatch
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web TechnologiesOWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Introduction to tcpdump
Introduction to tcpdumpIntroduction to tcpdump
Introduction to tcpdump
 
Mesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet TracerMesh Topology Design in Cisco Packet Tracer
Mesh Topology Design in Cisco Packet Tracer
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low level
 
Workshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptxWorkshop-Demo Breakdown.pptx
Workshop-Demo Breakdown.pptx
 
Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!Departed Communications: Learn the ways to smash them!
Departed Communications: Learn the ways to smash them!
 
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemplesCAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
CAS, OpenID, Shibboleth, SAML : concepts, différences et exemples
 
Tor project
Tor projectTor project
Tor project
 
quotation of network
quotation of networkquotation of network
quotation of network
 
DerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting RevisitedDerbyCon 2019 - Kerberoasting Revisited
DerbyCon 2019 - Kerberoasting Revisited
 
Not a Security Boundary
Not a Security BoundaryNot a Security Boundary
Not a Security Boundary
 
Slide rattrapage ESD Module Forensic
Slide rattrapage ESD Module ForensicSlide rattrapage ESD Module Forensic
Slide rattrapage ESD Module Forensic
 
Welcome and FIDO Update.pptx
Welcome and FIDO Update.pptxWelcome and FIDO Update.pptx
Welcome and FIDO Update.pptx
 
Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!Hacking ATM machines for fun and profit!
Hacking ATM machines for fun and profit!
 

Similar to Mpls hacking security Myth

VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS TechniqueAhmad Atta
 
Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)RAHIL REYAZ
 
Broadband Network Presentation
Broadband Network PresentationBroadband Network Presentation
Broadband Network PresentationMuhammad Faisal
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering pptNitin Gehlot
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switchingseanraz
 

Similar to Mpls hacking security Myth (20)

MPLS
MPLSMPLS
MPLS
 
MPLS-jpl.ppt
MPLS-jpl.pptMPLS-jpl.ppt
MPLS-jpl.ppt
 
VPN Using MPLS Technique
VPN Using MPLS TechniqueVPN Using MPLS Technique
VPN Using MPLS Technique
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS Presentation
 
Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)Multi Protocol Label Switching. (by Rahil Reyaz)
Multi Protocol Label Switching. (by Rahil Reyaz)
 
yun-MPLS.ppt
yun-MPLS.pptyun-MPLS.ppt
yun-MPLS.ppt
 
Broadband Network Presentation
Broadband Network PresentationBroadband Network Presentation
Broadband Network Presentation
 
MPLS
MPLSMPLS
MPLS
 
Mpls
MplsMpls
Mpls
 
Mpls
MplsMpls
Mpls
 
Mpls Traffic Engineering ppt
Mpls Traffic Engineering pptMpls Traffic Engineering ppt
Mpls Traffic Engineering ppt
 
MPLS-extra.ppt
MPLS-extra.pptMPLS-extra.ppt
MPLS-extra.ppt
 
MPLS
MPLSMPLS
MPLS
 
Switching systems lecture8 mpls
Switching systems lecture8 mplsSwitching systems lecture8 mpls
Switching systems lecture8 mpls
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - Basic
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
 
J010136172
J010136172J010136172
J010136172
 
QOS of MPLS
QOS of MPLSQOS of MPLS
QOS of MPLS
 
MPLS.pptx
MPLS.pptxMPLS.pptx
MPLS.pptx
 
Multi-Protocol Label Switching
Multi-Protocol Label SwitchingMulti-Protocol Label Switching
Multi-Protocol Label Switching
 

More from idsecconf

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfidsecconf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...idsecconf
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfidsecconf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...idsecconf
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfidsecconf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...idsecconf
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfidsecconf
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...idsecconf
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidadaidsecconf
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullahidsecconf
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwiantoidsecconf
 
Stream crime
Stream crime Stream crime
Stream crime idsecconf
 

More from idsecconf (20)

idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
idsecconf2023 - Mochammad Riyan Firmansyah - Takeover Cloud Managed Router vi...
 
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
idsecconf2023 - Neil Armstrong - Leveraging IaC for Stealthy Infrastructure A...
 
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
idsecconf2023 - Mangatas Tondang, Wahyu Nuryanto - Penerapan Model Detection ...
 
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdfidsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
idsecconf2023 - Rama Tri Nanda - Hacking Smart Doorbell.pdf
 
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
idsecconf2023 - Akshantula Neha, Mohammad Febri Ramadlan - Cyber Harmony Auto...
 
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
idsecconf2023 - Aan Wahyu - Hide n seek with android app protections and beat...
 
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
idsecconf2023 - Satria Ady Pradana - Launch into the Stratus-phere Adversary ...
 
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdfAli - The Journey-Hack Electron App Desktop (MacOS).pdf
Ali - The Journey-Hack Electron App Desktop (MacOS).pdf
 
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
Muh. Fani Akbar - Infiltrate Into Your AWS Cloud Environment Through Public E...
 
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdfRama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
Rama Tri Nanda - NFC Hacking Hacking NFC Reverse Power Supply Padlock.pdf
 
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
Arief Karfianto - Proposed Security Model for Protecting Patients Data in Ele...
 
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdfNosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
Nosa Shandy - Clickjacking That Worthy-Google Bug Hunting Story.pdf
 
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
Baskoro Adi Pratomo - Evaluasi Perlindungan Privasi Pengguna pada Aplikasi-Ap...
 
Utian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdfUtian Ayuba - Profiling The Cloud Crime.pdf
Utian Ayuba - Profiling The Cloud Crime.pdf
 
Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...Proactive cyber defence through adversary emulation for improving your securi...
Proactive cyber defence through adversary emulation for improving your securi...
 
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika TriwidadaPerkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
Perkembangan infrastruktur kunci publik di indonesia - Andika Triwidada
 
Pentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - AbdullahPentesting react native application for fun and profit - Abdullah
Pentesting react native application for fun and profit - Abdullah
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
 
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi DwiantoDevsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
Devsecops: membangun kemampuan soc di dalam devsecops pipeline - Dedi Dwianto
 
Stream crime
Stream crime Stream crime
Stream crime
 

Recently uploaded

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Recently uploaded (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 

Mpls hacking security Myth

  • 1. MPLS : Hacking & Security Myth of The Beast In Core Telecommunication Network gcsf@nowhere
  • 2. WHY?  TELCO Technology? Industry, Community, Academic?  Ask Others to also share their high quality research  Taking Indonesian Hacking Scene to The Higher Level (?)
  • 3. MPLS?  MPLS is routing mechanism in high-performance network backbone  Route the data traffic from a node to the next node based on short path labels  Avoiding complex forwarding mechanism in routing table  Operate in between layer 2 and layer 3 (OSI model), taking advantage on the layer 2 switching performance and layer 3 routing scalability  MPLS Architecture is very well written on RFC 3031
  • 4. MPLS Terminology?  Label Distribution Protocol (LDP)  Label Switched Path (LSP)  Label Switching Router (LSR)  Label Edge Router (LER) / MPLS Edge Node  Virtual Routing & Forwarding (VRF)  CE/PE/P Router  MORE? (We only describe terminology used in this document)
  • 6. MPLS Usage  Virtual Private Routed Network (VPRN) – L3VPN  Virtual Private LAN Service (VPLS) – L2VPN  Virtual Leased Line (VLL)  Traffic Engineering  In order to limit this presentation, we will only discuss L3VPN
  • 8. Myth - MPLS Hacking & Security?  Provider Edge (PE) router  Encryption support  Traffic Sniffing  MPLS Label  Label Distribution Protocol  Border Gateway Protocol REFERENCE : ERNW.DE
  • 9. PE Router • Usually to be shared among customers • Multiple CE router from multiple customers is connected to the single PE router • Still, the security relies on the trust model of provider private network • Missing configuration of PE router? (E.G: Mgmt Access) • A customer sending crafted packet to PE to deny services
  • 10. Encryption Support  MPLS doesn’t provide encryption mechanism  Encryption of traffic in core telco relies on the encryption mechanism of higher OSI level  The security relies on the trust model of provider private network  There are some appliance that can be used to help the traffic encryption (Eg: SafeNet, Senetas)  IPSEC over MPLS?
  • 11. Traffic Sniffing?  P/PE Router?  Remember, by default no encryption support!  Cisco Embeded Packet Capture (EPC)  Cisco “debug packet” with hiden option “dump”  Juniper “set forwarding-options packet-capture”  Port Mirroring is commonly used  Appliance is also commonly used (E.g: VSS, NetOptics)  DPI? LI?
  • 13. MPLS Label • Injection of labeled traffic from customer CE router – RFC 2547, labeled traffic from non trusted sources must be discarded • Injection of labeled traffic from Internet – Again RFC 2547, labeled traffic from non trusted sources must be discarded • MPLS label rewriting in MPLS backbone – Possible, can be reproduced in the Lab, hard (impossible?) to implement in the real backbone
  • 14. MPLS Label Rewrite  MPLS, as previously stated, use label to forward traffic  VRF “Black” & “Blue” in PE, store routing table virtually separated, hence overlap network between Bank “Black” & Bank “Blue” can be forwarded correctly  Bank “Black” can only communicate with Bank “Black” using VRF Black  Bank “Blue” can only communicate with Bank “Blue” using VRF Black
  • 15. MPLS Label Rewrite  Someone in “Man In The Middle” position between PE1 & PE2 can rewrite the MPLS Label  Whoever they are, they can redirect traffic so Bank “Black” can communicate with Bank “Blue”  Bank “Black” has overlap network with Bank “Blue”  Hence, VRF “Black” and “Blue” has same routing entry  Attacker change label for traffic PE1 to PE2 with 21 & PE2 to PE1 with 15 (see table)  PE2 only know that traffic from PE1 with label 21 is for Bank “Blue”  PE1 only know that traffic from PE2 with label 15 is for Bank “Black”  Bank “Black” can communicate with Bank “Blue”  Reproduce in lab, hard (impossible?) in real MPLS network
  • 16. Label Distribution Protocol • Protocol used by MPLS routers to exchange label mapping information • UDP 646 for Hello, TCP 646 for establishing LDP Session • Two MPLS routers that established LDP session called LDP Peers • Exchange of information (advertisement) is bi-directional between LDP Peers • Very well documented on RFC 5036 LDP Session Establishment (SRC: Wikipedia)  Discovery Message  Session Message  Advertisement Message  Notification Message
  • 17. LDP Message Injection • LDP is used to maintain LSP databases that are used to forward traffic through MPLS Network • How if someone can inject label mapping message to LSR? • Attacker needs access to the MPLS backbone so he can: 1. Announce & maintain the presence of LSR (Hello/Discovery Message) 2. Establish & maintain LDP session (Session Message) 3. Send advertisement with label mapping message & change label database to redirect the traffic  • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
  • 18. Border Gateway Protocol • MP-BGP, in MPLS network, usually runs between PE router • It is used to route network which their routing table is in VRF • Attacker needs access to MPLS backbone either for: – Intercept & tamper initial MP-BGP exchange OR – Withdraw routes & insert new one (BGP Update with spoofed NLRI) • Again, hard (impossible?) in real MPLS network but can be reproduced in lab with specific conditions/requirements
  • 19. AN EXAMPLE PROVIDED BY LOKI PROJECT/ERNW.DE  MPLS (We Only Use This For The Document) ◦ LDP, MPLS Label Rewrite  ROUTING ◦ RIP, OSPF, EIGRP, BGP  HOT-STANDBY ◦ HSRP, HSRPv2, BFD, VRRP, VRRPv3  ARP  Spoofing, MAC Flooding  ICMPv6  DOT1Q  TCP-MD5
  • 20. DEMO