From: InfoSec News (alertsinfosecnews.org)
Date: Wed Apr 08 2009 - 01:00:50 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220

By Kelly Jackson Higgins
DarkReading
April 07, 2009

A pair of German researchers at next week's Black Hat Europe will
release tools that hack backbone technologies used by service providers
in some enterprise network service offerings.

More specifically, the tools -- built by Enno Rey and Daniel Mende, both
with German security firm ERNW -- automate attacks on Multiprotocol
Layer Switching (MPLS) and Ethernet backbone technologies. They exploit
similar, inherent security weaknesses in the two networking technologies
-- namely, in how they forward traffic.

The lack of security in MPLS and Ethernet is well-known, but until now
the exploitation of these network technologies has been only
theoretically possible, Rey says. "Our release of the tools closes that
gap of these attacks being only theoretical to being practically
exploitable now," he says. "These technologies do not provide any
security themselves, but just rely on the assumption that the underlying
network is secure."

Network infrastructure security has been in the limelight lately, with
researchers uncovering big vulnerabilities in the Domain Name System
(DNS), the Border Gateway Protocol (BGP), TCP, and in Cisco routers.

[...]

_______________________________________________
Best Selling Security Books and More!
http://www.shopinfosecnews.org/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]