[177750] in North American Network Operators' Group
Re: Recommended wireless AP for 400 users office
daemon@ATHENA.MIT.EDU (Paul Nash)
Wed Feb 4 08:49:02 2015
X-Original-To: nanog@nanog.org
From: Paul Nash <paul@nashnetworks.ca>
In-Reply-To: <CALFTrnPW6GLZx6HYAYbQ4EVVM3nCGcM=fGjAFOi89QifpgEEeQ@mail.gmail.com>
Date: Wed, 4 Feb 2015 08:48:53 -0500
To: Ray Soucy <rps@maine.edu>
Cc: Untitled 3 <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
It=92s the =93remote capture=94 that scares me.
I was testing some Meraki kit, called their NOC to try to debug some =
Radius issues, tech tells me =93oh yes, I can see your traffic going =
hither and yon between the test client and test server that are both in =
your office, and looking at the packet contents I can see =85.=94
With Ruckus (or almost any other) gear, I have to either open up a hole =
through my firewall or grab the packet traces and send them to the tech =
folk. They don=92t have uncontrolled access to my internal traffic out =
of the box.
paul
> On Feb 4, 2015, at 8:31 AM, Ray Soucy <rps@maine.edu> wrote:
>=20
> Honestly, in a lot of cases you don't even need a device to support
> packet capture as a feature to add it as a feature once its
> compromised. This is just FUD IMHO.
>=20
> On Wed, Feb 4, 2015 at 7:24 AM, Paul Nash <paul@nashnetworks.ca> =
wrote:
>>> I love the built-in remote packet captures,
>>=20
>> You, the NSA, and lots and lots of hackers, ALL love the remote =
packet capture. If Meraki support can turn it on, so can someone who =
penetrates their systems (by getting a job there or by hacking), and =
then they get to see everything happening INSIDE your network. Not just =
your WAN traffic, which would be bad enough.
>>=20
>> paul
>=20
>=20
>=20
> --=20
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
>=20
> T: 207-561-3526
> F: 207-561-3531
>=20
> MaineREN, Maine's Research and Education Network
> www.maineren.net
