http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220 By Kelly Jackson Higgins DarkReading April 07, 2009 A pair of German researchers at next week's Black Hat Europe will release tools that hack backbone technologies used by service providers in some enterprise network service offerings. More specifically, the tools -- built by Enno Rey and Daniel Mende, both with German security firm ERNW -- automate attacks on Multiprotocol Layer Switching (MPLS) and Ethernet backbone technologies. They exploit similar, inherent security weaknesses in the two networking technologies -- namely, in how they forward traffic. The lack of security in MPLS and Ethernet is well-known, but until now the exploitation of these network technologies has been only theoretically possible, Rey says. "Our release of the tools closes that gap of these attacks being only theoretical to being practically exploitable now," he says. "These technologies do not provide any security themselves, but just rely on the assumption that the underlying network is secure." Network infrastructure security has been in the limelight lately, with researchers uncovering big vulnerabilities in the Domain Name System (DNS), the Border Gateway Protocol (BGP), TCP, and in Cisco routers. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Tue Apr 07 2009 - 23:00:50 PDT
This archive was generated by hypermail 2.2.0 : Tue Apr 07 2009 - 23:09:23 PDT