Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

4/7/2009
01:39 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Researchers To Unleash Backbone-Hacking Tools At Black Hat Europe

Tools automate attacks on Multiprotocol Label Switching (MPLS) and Ethernet carrier networks

A pair of German researchers at next week's Black Hat Europe will release tools that hack backbone technologies used by service providers in some enterprise network service offerings.

More specifically, the tools -- built by Enno Rey and Daniel Mende, both with German security firm ERNW -- automate attacks on Multiprotocol Layer Switching (MPLS) and Ethernet backbone technologies. They exploit similar, inherent security weaknesses in the two networking technologies -- namely, in how they forward traffic.

The lack of security in MPLS and Ethernet is well-known, but until now the exploitation of these network technologies has been only theoretically possible, Rey says. "Our release of the tools closes that gap of these attacks being only theoretical to being practically exploitable now," he says. "These technologies do not provide any security themselves, but just rely on the assumption that the underlying network is secure."

Network infrastructure security has been in the limelight lately, with researchers uncovering big vulnerabilities in the Domain Name System (DNS), the Border Gateway Protocol (BGP), TCP, and in Cisco routers.

MPLS VPNs originally were proprietary networks when they first hit the network scene. But the evolution of service provider networks to Internet-based services has put MPLS, as well as Ethernet, in the hot seat as possible hacking targets, Rey notes. MPLS networks used to have their "own set of switches and management infrastructures, and their own set of surrounding technologies," he says, "and the average attacker could not get his hands on that equipment."

To execute an MPLS or Ethernet carrier network hack, an attacker first must get into the network, either by hacking a router or a management tool. Then Rey and Mende's MPLS hacking tool could be used: It modifies the labels that are added to packets in an MPLS network and determines how those packets are forwarded. This lets an attacker silently redirect traffic to other sites, such as a malicious DNS server or a phony authentication server, Rey says. "The victim doesn't notice anything...and the attacker has both directions of traffic [in his control]," he says. "The whole VPN model of trust is violated."

The attack doesn't target a specific vulnerabilty -- just the way MPLS operates. The story is much the same for Ethernet. VLAN-tagging, for instance, helps carriers separate different customers' traffic across their backbones. "But there's no encryption and no additional security [with Ethernet]," Rey says. "It's just traffic separated by adding some more bits to the traffic, which brings us back to being able to modify those bits [with our hacking tool]."

Rey says enterprises that use these VPN services should be aware they are vulnerable. Perform risk analysis and encrypt your traffic, he says. "Just because it's called MPLS VPN [doesn't mean] you should [automatically] trust it," he says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14994
PUBLISHED: 2019-09-19
The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before version 3.9.16, from version 3.10.0 before version 3.16.8, from version 4.0.0 before version 4.1.3, from version 4.2.0 before version 4.2.5, from version 4.3.0 before version 4.3.4, and version...
CVE-2019-15000
PUBLISHED: 2019-09-19
The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6....
CVE-2019-15001
PUBLISHED: 2019-09-19
The Jira Importers Plugin in Atlassian Jira Server and Data Cente from version with 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.1.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain rem...
CVE-2019-16398
PUBLISHED: 2019-09-19
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVE-2019-11779
PUBLISHED: 2019-09-19
In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.