[160955] in North American Network Operators' Group
Re: Network security on multiple levels (was Re: NYT covers China
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Wed Feb 20 14:23:38 2013
Date: Wed, 20 Feb 2013 14:22:02 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <7730582D-EA89-4516-B38E-6ADF0051BCD9@delong.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
----- Original Message -----
> From: "Owen DeLong" <owen@delong.com>
> Many DACS have provision for "monitoring" circuits and feeding the
> data off to a third circuit in an undetectable manner.
>
> The DACS question wasn't about DACS owned by the people using the
> circuit, it was about DACS inside the circuit provider. When you buy a
> DS1 that goes through more than one CO in between two points, you're
> virtually guaranteed that it goes through one or more of {DS-3 Mux,
> Fiber Mux, DACS, etc.}. All of these are under the control of the
> circuit provider and not you.
Correct, and they expand the attack surface in ways that even many
network engineers may not consider unless prompted.
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
