huawei

Scott Helms khelms at zcorum.com
Sat Jun 15 11:49:53 UTC 2013


I can't agree Jimmy, I don't see a few bps being anywhere close to being
useful in any of the scenarios your describe especially because there are
easier ways of doing those things.  To do any of that the first thing you
have to do is establish the C&C channel so now you have a very low bit rate
bi-directional communication so by the time the C&C asks the router to
start stealing a key the IP of one of the IPSEC tunnel has changed.  If the
router intercepts traffic for a given IP or block what is going to do with
it?  It has very little non-volatile storage and we have such a low bit
rate of communication that it can't just send a copy.  A core router seldom
has so many spare CPU cycles & free RAM that it can afford to read through
the data and glean the interesting bits.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------


On Sat, Jun 15, 2013 at 2:56 AM, Jimmy Hess <mysidia at gmail.com> wrote:

> On 6/14/13, Scott Helms <khelms at zcorum.com> wrote:
> > Is it possible?  Yes, but it's not feasible because the data rate would
> be
> > too low.  That's what I'm trying to get across.  There are lots things
> that
> > can be done but many of those are not useful.
> [snip]
>
> I agree that the data rate will be low. I don't agree that it's not
> feasible.
>
> There will be indeed be _plenty_ of ways that a low bit rate channel
> can do everything the right adversary needs.
>
> A few bits for second is plenty of data rate for  sending control
> commands/rule changes to a router backdoor mechanism, stealing
> passwords, or leaking cryptographic keys   required to decrypt the VPN
> data stream intercepted from elsewhere on the network,   leaking
> counters, snmp communities, or interface descriptions,   or
> criteria-selected forwarded data samples, etc....
>
>
> --
> -JH
>



More information about the NANOG mailing list