Home page logo
/

nanog logo nanog mailing list archives

Re: huawei
From: Phil Fagan <philfagan () gmail com>
Date: Thu, 13 Jun 2013 11:54:40 -0600

This is a good point; unless your taping your traffic and examining it for
anything outside of the norm then would you ever see it? However, we are
talking transport protocols, no? I would certainly hope the OOB network was
monitored and controlled.

Hmm.....a network of clients/servers strategically located at Huewai POPS
with a sole pupose of creating sessions destined for control servers so as
to create the ability to inject payload into packets that are actually
destined for where you want the data to go.


On Thu, Jun 13, 2013 at 11:42 AM, Leo Bicknell <bicknell () ufp org> wrote:


On Jun 13, 2013, at 11:35 AM, Patrick W. Gilmore <patrick () ianai net>
wrote:

Also, I find it difficult to believe Hauwei has the ability to do DPI or
something inside their box and still route at reasonable speeds is a bit
silly. Perhaps they only duplicate packets based on source/dest IP address
or something that is magically messaged from the mother ship, but I am
dubious.

This could be a latent, not used feature from _any_ vendor.

A hard coded backdoor password and username.  A sequence of port-knocking
that enables ssh on an alternate port with no ACL.  Logins through that
mechanism not in syslog, not in the currently logged in user table, perhaps
the process(es) hidden from view.

Do we really trust Cisco and Juniper more than Hueawei? :)

--
       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/









-- 
Phil Fagan
Denver, CO
970-480-7618


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault