Network security on multiple levels (was Re: NYT covers China cyberthreat)

Jay Ashworth jra at baylink.com
Wed Feb 20 19:22:02 UTC 2013


----- Original Message -----
> From: "Owen DeLong" <owen at delong.com>

> Many DACS have provision for "monitoring" circuits and feeding the
> data off to a third circuit in an undetectable manner.
> 
> The DACS question wasn't about DACS owned by the people using the
> circuit, it was about DACS inside the circuit provider. When you buy a
> DS1 that goes through more than one CO in between two points, you're
> virtually guaranteed that it goes through one or more of {DS-3 Mux,
> Fiber Mux, DACS, etc.}. All of these are under the control of the
> circuit provider and not you.

Correct, and they expand the attack surface in ways that even many 
network engineers may not consider unless prompted.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274




More information about the NANOG mailing list