nanog mailing list archives

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

From: Eugeniu Patrascu <eugen () imacandi net>
Date: Fri, 6 Dec 2013 21:55:52 +0200

On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch <jared () puck nether net> wrote:


On Dec 6, 2013, at 1:39 PM, Brandon Galbraith <brandon.galbraith () gmail com>
wrote:

If your flows are a target, or your data is of an extremely sensitive
nature (diplomatic, etc), why aren't you moving those bits over
something more private than IP (point to point L2, MPLS)? This doesn't
work for the VoIP target mentioned, but foreign ministries should most
definitely not be trusting encryption alone.


I will ruin someones weekend here, but:

MPLS != Encryption.  MPLS VPN = "Stick a label before the still
unencrypted IP packet".
MPLS doesn't secure your data, you are responsible for keeping it secure
on the wire.

It's always interesting to watch someone's expression when they hear that
MPLS VPN, even if it says VPN in the name is not encrypted. Priceless every
time :)

Current thread:

Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Eugen Leitl (Dec 06)
- Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Jared Mauch (Dec 06)
  - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Brandon Galbraith (Dec 06)
    - Re: Someone¹s Been Siphoning Data Through a Huge Security Hole in the Internet Warren Bailey (Dec 06)
    - Re: Someone¹s Been Siphoning Data Through a Huge Security Hole in the Internet Brandon Galbraith (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Jared Mauch (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Christopher Morrow (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet deleskie (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Jay Ashworth (Dec 07)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Eugeniu Patrascu (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Merike Kaeo (Dec 08)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Jay Ashworth (Dec 08)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Eugeniu Patrascu (Dec 08)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Stephane Bortzmeyer (Dec 06)
  - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Paul Ferguson (Dec 06)
  - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Stephane Bortzmeyer (Dec 06)
    - Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Jared Mauch (Dec 07)
- Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet Stephane Bortzmeyer (Dec 06)