[160961] in North American Network Operators' Group
Re: Network security on multiple levels (was Re: NYT covers China
daemon@ATHENA.MIT.EDU (Jack Bates)
Wed Feb 20 15:21:08 2013
Date: Wed, 20 Feb 2013 14:20:45 -0600
From: Jack Bates <jbates@brightok.net>
To: nanog@nanog.org
In-Reply-To: <Pine.LNX.4.61.1302201401570.26706@soloth.lewis.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/20/2013 1:05 PM, Jon Lewis wrote:
>
> See thread: nanog impossible circuit
>
> Even your leased lines can have packets copied off or injected into
> them, apparently so easily it can be done by accident.
>
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based mirror to alternative mpls circuits where I can drop
packets into my analyzers. If I misconfigure, those packets could easily
find themselves back on public networks.
Jack
