The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] RE: Can such problem occur in MPLS
What in case of Layer2 VPN using MPLS where the customer side interface of the PE will also have a label (PW label - formerly VC label)? Can anyone intrude such VPNs in that case? Sidde Gowda Intel Corporation -----Original Message----- From: Eric Osborne [mailto:eosborne@cisco.com] Sent: Sunday, January 12, 2003 9:02 AM To: Mehwish Ahmed Cc: mpls-ops@mplsrc.com Subject: Re: [MPLS-OPS]: Can such problem occur in MPLS On Sat, Jan 11, 2003 at 01:00:27PM -0800, Mehwish Ahmed wrote: > > I got a confussion if such problems can occur in MPLS > > In any case is it possible that router in a LSP sends bogus packet with correct outgoing Label...?? > > or > > If somehow a label is spoofed from a LSP and same label is then used to sent bogus packet through LSP ...?? > > Like Router1 uses LABEL1 as outgoing label for messages send to Router2, both Router1 and Router2 are in LSP.If attacker spoofs link between Router1 and Router2 to get value of label i.e LABEL1.Then using the same LABEL1 attacker pushes rudendent data array in LSP. > Bottom line(s): 1) don't accept labels from a customer outside of a CSC scenario, and the risk of label spoofing goes away. 2) if you're talking about bugs, sure anything's possible. eric > > > --------------------------------- > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml ------- The MPLS-OPS Mailing List Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|