The MPLS-OPS Archive


Re: Can such problem occur in MPLS

  • From: Eric Osborne <eosborne@cisco.com>
  • Date: Mon, 13 Jan 2003 08:32:56 -0500
  • Cc: "'Eric Osborne'" <eosborne@cisco.com>, Mehwish Ahmed <mehwishkhurshid@yahoo.com>, mpls-ops@mplsrc.com
  • Resent-Date: Mon, 13 Jan 2003 10:03:23 -0500
  • To: "Gowda, Sidde" <sidde.gowda@intel.com>
  • User-Agent: Mutt/1.2.5i
  • X-GPG-Fingerprint: 6412 0836 E440 B3EA 980C 4951 611E 1819 2E71 8562

On Mon, Jan 13, 2003 at 12:08:16AM -0800, Gowda, Sidde wrote:
> What about the case of a Layer2 VPN using MPLS, where the customer-side
> interface of the PE will also have a label (PW label - formerly VC label)?
> Can anyone intrude into such VPNs in that case?
> 

Packets are not switched on the VC label, so I think the odds of this
are likely.  Plus, a proper L2 PE should not accept PW or label stacks
from a customer, making this even less likely.  As with all software,
anything is possible.




eric  

> Sidde Gowda
> Intel Corporation
> 
> -----Original Message-----
> From: Eric Osborne [mailto:eosborne@cisco.com] 
> Sent: Sunday, January 12, 2003 9:02 AM
> To: Mehwish Ahmed
> Cc: mpls-ops@mplsrc.com
> Subject: Re: [MPLS-OPS]: Can such problem occur in MPLS
> 
> On Sat, Jan 11, 2003 at 01:00:27PM -0800, Mehwish Ahmed wrote:
> > 
> > I am confused about whether such problems can occur in MPLS.
> > 
> > In any case, is it possible that a router in an LSP sends a bogus packet
> > with the correct outgoing label...??
> > 
> > or
> > 
> > If somehow a label is spoofed from an LSP and the same label is then used
> > to send a bogus packet through the LSP...??
> > 
> > Like Router1 uses LABEL1 as the outgoing label for messages sent to
> > Router2; both Router1 and Router2 are in the LSP. If an attacker spoofs the
> > link between Router1 and Router2 to get the value of the label, i.e.
> > LABEL1, then using the same LABEL1 the attacker pushes a redundant data
> > array into the LSP.
> > 
> 
> Bottom line(s):
> 
> 1) don't accept labels from a customer outside of a CSC scenario, and
>    the risk of label spoofing goes away.
> 
> 2) if you're talking about bugs, sure anything's possible.
> 
> 
> 
> 
> eric
> 
> > 
> > 
> 
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
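The rule given in this thread (a PE should not accept labelled packets from a customer outside a CSC scenario), sketched as an added Python example that is not from the original posts or from any router implementation. The function names, verdict strings and sample frames are constructed for illustration.

```python
import struct

MPLS_ETHERTYPES = {0x8847, 0x8848}   # MPLS unicast / multicast (RFC 3032)
VLAN_TPIDS = {0x8100, 0x88A8}        # 802.1Q and 802.1ad tags

def parse_label_stack(payload):
    """Decode MPLS label stack entries up to the bottom-of-stack bit."""
    labels = []
    for off in range(0, len(payload) - 3, 4):
        (entry,) = struct.unpack_from("!I", payload, off)
        labels.append(entry >> 12)       # top 20 bits carry the label
        if entry & 0x100:                # S bit set: bottom of stack
            break
    return labels

def check_customer_frame(frame, csc_enabled=False):
    """Return (verdict, labels) for a frame received on a customer-facing port.

    csc_enabled is a hypothetical per-interface flag meaning the port is
    configured for Carrier Supporting Carrier, where labels are expected.
    """
    if len(frame) < 14:
        return "drop-malformed", []
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    # Walk past VLAN tags so a tagged labelled frame is not missed.
    while ethertype in VLAN_TPIDS:
        off += 4
        if len(frame) < off + 2:
            return "drop-malformed", []
        (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype not in MPLS_ETHERTYPES:
        return "accept", []
    labels = parse_label_stack(frame[off + 2:])
    return ("accept" if csc_enabled else "drop-labelled"), labels

# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("020000000002" "020000000001")   # dst + src
LSE = struct.pack("!I", (100 << 12) | 0x100 | 64)     # label 100, S=1, TTL 64
PLAIN_IP = MACS + b"\x08\x00" + bytes(20)
LABELLED = MACS + b"\x88\x47" + LSE + bytes(20)
TAGGED_LABELLED = MACS + b"\x81\x00\x00\x0a\x88\x47" + LSE + bytes(20)

if __name__ == "__main__":
    for name in ("PLAIN_IP", "LABELLED", "TAGGED_LABELLED"):
        print(name, check_customer_frame(globals()[name]))
```
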
