Home page logo
/

nanog logo nanog mailing list archives

Re: huawei
From: Scott Helms <khelms () zcorum com>
Date: Sat, 15 Jun 2013 07:49:53 -0400

I can't agree Jimmy, I don't see a few bps being anywhere close to being
useful in any of the scenarios your describe especially because there are
easier ways of doing those things.  To do any of that the first thing you
have to do is establish the C&C channel so now you have a very low bit rate
bi-directional communication so by the time the C&C asks the router to
start stealing a key the IP of one of the IPSEC tunnel has changed.  If the
router intercepts traffic for a given IP or block what is going to do with
it?  It has very little non-volatile storage and we have such a low bit
rate of communication that it can't just send a copy.  A core router seldom
has so many spare CPU cycles & free RAM that it can afford to read through
the data and glean the interesting bits.


Scott Helms
Vice President of Technology
ZCorum
(678) 507-5000
--------------------------------
http://twitter.com/kscotthelms
--------------------------------


On Sat, Jun 15, 2013 at 2:56 AM, Jimmy Hess <mysidia () gmail com> wrote:

On 6/14/13, Scott Helms <khelms () zcorum com> wrote:
Is it possible?  Yes, but it's not feasible because the data rate would
be
too low.  That's what I'm trying to get across.  There are lots things
that
can be done but many of those are not useful.
[snip]

I agree that the data rate will be low. I don't agree that it's not
feasible.

There will be indeed be _plenty_ of ways that a low bit rate channel
can do everything the right adversary needs.

A few bits for second is plenty of data rate for  sending control
commands/rule changes to a router backdoor mechanism, stealing
passwords, or leaking cryptographic keys   required to decrypt the VPN
data stream intercepted from elsewhere on the network,   leaking
counters, snmp communities, or interface descriptions,   or
criteria-selected forwarded data samples, etc....


--
-JH



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]