Presentation Title: Digging into SNMP 2007 - An Exercise on Breaking Networks
Presentation Details:

In the last years Multi Protocol Label Switching (MPLS) has become the most important backbone technology for most (if not all) carriers/providers. There’s a whole new range of MPLS based applications (’services’) sold to customers, accompanied by the usual marketing hype. After some short introduction into the basic terms and concepts of MPLS this presentation will discuss if attacks against MPLS are feasible and how common attack vectors are addressed. Some tools and advanced attacks to interfere MPLS-based VPNs will be introduced and practically demonstrated. The talk will then focus ‘Virtual Private LAN Service’ (VPLS, basically the emulation of an Ethernet-based LAN across an MPLS based backbone) which is the hottest new kid in carrier town currently. This combination of Layer 2 techniques and Layer 3 technologies will create new, yet unforeseen security problems. Their (possibly broad) implications will be analyzed and requirements for operating them securely (on the customer side) are developed.

About Enno

Enno Rey loves playing with network protocols and devices since he first heard about the internet protocol family. Prior to founding a specialized team of security researchers in 2001 he’s been working as a sysadmin and network operator. He has vast experience in designing, operating, troubleshooting and securing large networks. Furthermore he is one of the authors of the first and only German book on penetration-testing, has written several articles and white papers and is a frequent speaker on conferences. Enno’s twelve years of information security experience include a wide variety of topics, amongst them cryptography, pentesting/auditing, secure network design and technology risk evaluation. Throughout the years he has acquired the usual security certifications (CISSP, CISA, BS 7799 Lead Auditor) and has provided security consultancy services to many Fortune 500 enterprises and governmental agencies.