Overview

The Label Distribution Protocol (LDP) distributes labels in Multiprotocol Label Switching (MPLS) networks. It is the set of procedures and messages by which Label Switched Routers (LSRs) establish Label Switched Paths (LSPs) through a network by mapping network-layer routing information directly to data-link layer switched paths.


Testing environment requirements

  • beSTORM 13.2.0 or later (licensed)
  • Windows 10 or later
  • A router that supports the MPLS LDP protocol (this will be the device under test [DUT])


Fuzzing with beSTORM

To fuzz the MPLS LDP protocol with beSTORM, do the following:

  1. Using a network cable, connect the MPLS LDP-supported router (DUT) to the beSTORM computer's ethernet adapter.
  2. Open beSTORM Client.
  3. Select New Project. The beSTORM New Project Wizard opens.
  4. On the Welcome page, do the following:
    1. In the Project Name box, enter a name.
    2. Optionally, select a different file location for your project in the Location Name box.
    3. For Please select the wizard, select Advanced. Leave all other parameters at their default settings.
  5. Select Next.
  6. On the Basic Configuration page, do the following:
    1. In the beSTORM's predefined modules list, select MPLS LDP.
    2. In the Network Device list, select the beSTORM computer's ethernet adapter where you connected your network cable.
  7. Select Next.
  8. On the Advanced Configuration page, adjust Scale Type to reduce the number of combinations and overall testing duration. For the least number of combinations and shortest testing duration, select Base10.
  9. Select Next.
  10. On the Module Environment page, do the following to the first five parameters:
    1. Interface Name - In the Value box, confirm it is set to the ethernet adapter you selected in step 6b.
    2. Destination IP Address - In the Value box, enter the IP address of the DUT router (the address of the router interface that the network cable is connected to).
    3. Destination Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IP address of the DUT router, and then select Find. The MAC Address box will refresh and display the MAC address of the DUT router. Select OK.
    4. Sender IP Address - In the Value box, enter the IP address of the beSTORM computer.
    5. Source Address - Double-click the Value box. In the MAC Address Finder dialog, enter the IP address of the beSTORM computer and then select Find. The MAC Address box will refresh and display the MAC address of the beSTORM computer. Select OK.
    6. Source Port - Use the default value (646).
    7. Optionally, you can adjust the remaining parameters to further refine MPLS LDP fuzzing with beSTORM.
  11. Select Next.
  12. On the Test Selection page, select the MPLS LDP request types you want to fuzz.
  13. Select Next.
  14. On the Extra Configuration page, do the following:
    1. Select the ARP Echo and ICMP Echo checkboxes.
    2. Set the Monitored IP Address to the router's IPv4 Address. Leave all other parameters at their default settings.
  15. Select Next.
  16. On the Complete beSTORM wizard page, select Finish to begin fuzzing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
  17. Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the router is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
  18. When fuzzing is complete, select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your test.
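
When triaging an exception reported in step 17, it helps to know which length checks an LDP parser on the DUT has to enforce. The following is an added example, not beSTORM or vendor code: a strict validator for the LDP PDU header, message headers and TLVs, with the field layout taken from RFC 5036. All function and variable names are hypothetical, the sample PDU is constructed, and the validator assumes the buffer holds exactly one PDU (as in a UDP Hello datagram).

```python
import struct

MSG_TYPES = {0x0001: "Notification", 0x0100: "Hello", 0x0200: "Initialization",
             0x0201: "KeepAlive", 0x0300: "Address", 0x0400: "Label Mapping"}

class LDPError(ValueError): pass

def parse_tlvs(buf):
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise LDPError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", buf, off)
        if length > len(buf) - off - 4:          # value must fit in the message
            raise LDPError("TLV length overruns message")
        tlvs.append((tlv_type & 0x3FFF, buf[off + 4:off + 4 + length]))  # drop U/F bits
        off += 4 + length
    return tlvs

def parse_pdu(data):
    if len(data) < 10:                           # version + length + 6-byte LDP ID
        raise LDPError("short PDU header")
    version, pdu_len = struct.unpack_from("!HH", data, 0)
    if version != 1:
        raise LDPError("bad version")
    # PDU Length counts everything after the Version and PDU Length fields.
    if pdu_len != len(data) - 4:
        raise LDPError("PDU length mismatch")
    lsr_id = ".".join(str(b) for b in data[4:8])
    msgs, off = [], 10
    while off < len(data):
        if len(data) - off < 8:
            raise LDPError("truncated message header")
        mtype, mlen, mid = struct.unpack_from("!HHI", data, off)
        # Message Length counts the 4-byte Message ID plus all parameters.
        if mlen < 4 or mlen > len(data) - off - 4:
            raise LDPError("message length overruns PDU")
        msgs.append({"type": MSG_TYPES.get(mtype & 0x7FFF, "unknown"), "id": mid,
                     "tlvs": parse_tlvs(data[off + 8:off + 4 + mlen])})
        off += 4 + mlen
    return {"lsr_id": lsr_id, "messages": msgs}

# Constructed sample: Hello with one Common Hello Parameters TLV (hold time 15 s).
HELLO_MSG = struct.pack("!HHI", 0x0100, 12, 1) + struct.pack("!HHHH", 0x0400, 4, 15, 0)
SAMPLE_HELLO = struct.pack("!HH", 1, 22) + bytes([192, 0, 2, 1, 0, 0]) + HELLO_MSG

def verdict(data):
    try:
        parse_pdu(data); return "ok"
    except LDPError as exc:
        return str(exc)
```

Each rejection message names one structural check; a DUT that stops responding during a test is worth comparing against these checks when reading the generated report.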