Kelly Jackson Higgins at DarkReading writes that a pair of German researchers have developed a set of tools that automate attacks on the Multiprotocol Layer Switching (MPLS) and Ethernet networking technologies used in some enterprise network service offerings.

The tools exploit similar inherent security weaknesses in the two networking technologies — namely in how they forward traffic.

[...]

To execute an MPLS or Ethernet carrier network hack, the attacker first must get into the network, either by hacking a router or a management tool. Then Rey and Mende’s MPLS hacking tool could be used: It modifies the labels that are added to packets in an MPLS network and determine how those packets get forwarded. This lets an attacker silently redirect traffic to other sites, such as a malicious DNS server or a phony authentication server, Rey says. “The victim doesn’t notice anything and the attacker has both directions of traffic” in his control, he says. “The whole VPN model of trust is violated,” he says.

The attack doesn’t target a specific vulnerabilty — just the way MPLS operates. The story is much the same for Ethernet. VLAN-tagging, for instance, helps carriers separate different customers’ traffic across their backbones. “But there’s no encryption and no additional security” with Ethernet, Rey says. “It’s just traffic separated by adding some more bits to the traffic, which brings us back to being able to modify those bits” with our hacking tool, he says.

The researchers plan to release the tools at Black Hat Europe next week.