huawei

Rich Kulawiec rsk at gsp.org
Sat Jun 15 12:13:50 UTC 2013


First: this is a fascinating discussion.  Thank you.

Second:

On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
> There will indeed be _plenty_ of ways that a low bit rate channel
> can do everything the right adversary needs.
> 
> A few bits per second is plenty of data rate for sending control
> commands/rule changes to a router backdoor mechanism, stealing
> passwords, or leaking cryptographic keys required to decrypt the VPN
> data stream intercepted from elsewhere on the network, leaking
> counters, snmp communities, or interface descriptions, or
> criteria-selected forwarded data samples, etc....

I was actually thinking much slower: a few bits per *day*.  Maybe slower yet.

(So what if it takes a month to transmit a single 15-character password?)

For people who think in terms of instant gratification, or perhaps,
in next-quarter terms, or perhaps, in next-year terms, that might be
unacceptable.  But for people who think in terms of next-decade or
beyond, it might suffice.

And if the goal is not "get the password for router 12345" but "get as
many as possible", then a scattered, random, slow approach might yield
the best results -- *because* it's scattered, random, and slow.

---rsk




More information about the NANOG mailing list