huawei

Scott Helms khelms at zcorum.com
Sat Jun 15 11:44:32 UTC 2013


With the CPU and RAM available in a router that has to actually continue
functioning at the same time?  Exactly how much data through put would you
consider to be usable in this scenario?

Again, my point is not that its impossible but that all these things are
impractical AND there are easier/faster/cheaper ways of capturing traffic.
 There are also easier/faster/cheaper ways of disrupting traffic.  Routers
in the core are great places to execute a targeted man in the middle
attack.  They're great places to disrupt traffic by behaving erratically,
intentionally mangling dynamic routing protocols, or by simply going dark.
 They're terrible places for gathering non-targeted information because the
amount of data flowing through them means that that the likelihood of any
give packet having any value is very very low.  If the goal includes
stealing data then leveraging edge routing is much more realistic and
leveraging PCs is several orders of magnitude better because there is much
more available horsepower and its much easier to make a PC passively listen
for interesting data on its own.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------


On Sat, Jun 15, 2013 at 4:12 AM, Eugen Leitl <eugen at leitl.org> wrote:

> On Fri, Jun 14, 2013 at 07:51:22PM -0400, Scott Helms wrote:
> > Really? In a completely controlled network then yes, but not in a
> > production system.  There is far too much random noise and actual latency
> > for that to be feasible.
>
> The coding used for the stegano side channel can be made quite robust,
> see watermarking.
>
>



More information about the NANOG mailing list