Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

Jay Ashworth jra at
Sat Dec 7 18:18:52 UTC 2013

---- Original Message -----
> From: "Christopher Morrow" <morrowc.lists at>

> > MPLS != Encryption. MPLS VPN = "Stick a label before the still
> > unencrypted IP packet".
> great, now how do I get a private link?
> > MPLS doesn't secure your data, you are responsible for keeping it
> > secure on the wire.
> but, but,but! they told me it was private!

As someone -- I think it might have been you, Chris :-) -- pointed out
to me about 6 months ago when I scoffed at SCADA networks that weren't
properly air-gapped, you can't even trust a "private T-1" -- how do you
know that an attacker hasn't put a mid-span DACS in monitor mode?

Unless you have copper conductivity from end to end, and pressurized
conduit with monitors, you can't bet on anything.

-- jra
Make Election Day a federal holiday:  100k sigs by 12/14

Jay R. Ashworth                  Baylink                       jra at
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274

More information about the NANOG mailing list