Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

Jay Ashworth jra at baylink.com
Sat Dec 7 18:18:52 UTC 2013


---- Original Message -----
> From: "Christopher Morrow" <morrowc.lists at gmail.com>

> > MPLS != Encryption. MPLS VPN = "Stick a label before the still
> > unencrypted IP packet".
> 
> great, now how do I get a private link?
> 
> > MPLS doesn't secure your data, you are responsible for keeping it
> > secure on the wire.
> 
> but, but,but! they told me it was private!

As someone -- I think it might have been you, Chris :-) -- pointed out
to me about 6 months ago when I scoffed at SCADA networks that weren't
properly air-gapped, you can't even trust a "private T-1" -- how do you
know that an attacker hasn't put a mid-span DACS in monitor mode?

Unless you have copper conductivity from end to end, and pressurized
conduit with monitors, you can't bet on anything.

Cheers,
-- jra
-- 
Make Election Day a federal holiday: http://wh.gov/lBm94  100k sigs by 12/14

Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA               #natog                      +1 727 647 1274



More information about the NANOG mailing list