[167299] in North American Network Operators' Group
=?utf-8?Q?Re:_Someone=E2=80=99s_Been_Siphoning_Data_Throu?=
daemon@ATHENA.MIT.EDU (Jay Ashworth)
Sat Dec 7 13:19:20 2013
Date: Sat, 7 Dec 2013 13:18:52 -0500 (EST)
From: Jay Ashworth <jra@baylink.com>
To: NANOG <nanog@nanog.org>
In-Reply-To: <CAL9jLabss=DB6W9fa=2_-PTvkPbvEe=T_qPp9g853eR6oKD_RA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
---- Original Message -----
> From: "Christopher Morrow" <morrowc.lists@gmail.com>
> > MPLS != Encryption. MPLS VPN = "Stick a label before the still
> > unencrypted IP packet".
>
> great, now how do I get a private link?
>
> > MPLS doesn't secure your data, you are responsible for keeping it
> > secure on the wire.
>
> but, but,but! they told me it was private!
As someone -- I think it might have been you, Chris :-) -- pointed out
to me about 6 months ago when I scoffed at SCADA networks that weren't
properly air-gapped, you can't even trust a "private T-1" -- how do you
know that an attacker hasn't put a mid-span DACS in monitor mode?
Unless you have copper conductivity from end to end, and pressurized
conduit with monitors, you can't bet on anything.
Cheers,
-- jra
--
Make Election Day a federal holiday: http://wh.gov/lBm94 100k sigs by 12/14
Jay R. Ashworth Baylink jra@baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
