Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet
Jay Ashworth
jra at baylink.com
Sat Dec 7 18:18:52 UTC 2013
---- Original Message -----
> From: "Christopher Morrow" <morrowc.lists at gmail.com>
> > MPLS != Encryption. MPLS VPN = "Stick a label before the still
> > unencrypted IP packet".
>
> great, now how do I get a private link?
>
> > MPLS doesn't secure your data, you are responsible for keeping it
> > secure on the wire.
>
> but, but,but! they told me it was private!
As someone -- I think it might have been you, Chris :-) -- pointed out
to me about 6 months ago when I scoffed at SCADA networks that weren't
properly air-gapped, you can't even trust a "private T-1" -- how do you
know that an attacker hasn't put a mid-span DACS in monitor mode?
Unless you have copper conductivity from end to end, and pressurized
conduit with monitors, you can't bet on anything.
Cheers,
-- jra
--
Make Election Day a federal holiday: http://wh.gov/lBm94 100k sigs by 12/14
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA #natog +1 727 647 1274
More information about the NANOG
mailing list