Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

Eugeniu Patrascu eugen at
Fri Dec 6 19:55:52 UTC 2013

On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <jared at> wrote:

> On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbraith at>
> wrote:
> > If your flows are a target, or your data is of an extremely sensitive
> > nature (diplomatic, etc), why aren't you moving those bits over
> > something more private than IP (point to point L2, MPLS)? This doesn't
> > work for the VoIP target mentioned, but foreign ministries should most
> > definitely not be trusting encryption alone.
> I will ruin someone's weekend here, but:
> MPLS != Encryption.  MPLS VPN = "Stick a label before the still
> unencrypted IP packet".
> MPLS doesn't secure your data, you are responsible for keeping it secure
> on the wire.
It's always interesting to watch someone's expression when they hear that
MPLS VPN, even if it says VPN in the name, is not encrypted. Priceless every
time :)
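
An added example, not part of the original thread: it builds a packet as it would cross an MPLS L3VPN core (two RFC 3032 label stack entries in front of an IPv4/UDP packet) and shows that stripping the labels yields the inner packet byte for byte. The label values, addresses and SIP payload are constructed sample data.

```python
import socket
import struct

def mpls_entry(label, bottom, tc=0, ttl=64):
    # RFC 3032 label stack entry: Label(20) | TC(3) | S(1) | TTL(8)
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def ipv4_udp(src, dst, sport, dport, data):
    # Constructed sample packet; checksums are left at 0 for brevity.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + udp

def strip_labels(buf):
    """Walk the label stack until the bottom-of-stack (S) bit; return (labels, rest)."""
    labels, off = [], 0
    while True:
        if len(buf) < off + 4:
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        labels.append(word >> 12)
        if word & 0x100:  # S bit set: last entry, payload follows
            return labels, buf[off:]

def observe(mpls_payload):
    """What anyone on the path can read from the bytes after the MPLS EtherType."""
    labels, inner = strip_labels(mpls_payload)
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (inner[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    app = inner[ihl + 8:] if inner[9] == 17 else inner[ihl:]  # skip UDP header
    return {"labels": labels, "src": src, "dst": dst, "data": app}

# Constructed sample: transport label + VPN label, then the customer's packet.
INNER = ipv4_udp("10.1.0.5", "10.2.0.9", 5060, 5060, b"INVITE sip:minister@example.test")
ON_WIRE = mpls_entry(16001, bottom=False) + mpls_entry(24005, bottom=True) + INNER

if __name__ == "__main__":
    print(observe(ON_WIRE))
```

The labels only steer forwarding; confidentiality has to come from encrypting the inner traffic itself (for example IPsec or TLS/SRTP end to end).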

More information about the NANOG mailing list