NS&AT&T
Tyler Durden
camera_lumina at hotmail.com
Wed May 17 18:30:41 PDT 2006
>>Back to the topic at hand, I'm sure they do policy updates via
>>whatever channel they are recieving data. It's very common to just
>>have a single out of band reporting/management link.
>
>true, this is probably how it is done.
>would IPsec or some NSA built auth & privacy at layer 2 be more likely?
Well, how out of band? Do you mean the management VPN (or whatever) doesn't
travel with the actual grabbed traffic? (Frankly, this would be my first
candidate.) Of course, they could do it via SONET overhead bytes, thus
avoiding the flakiness and vunerability that routers and switches still seem
to have.
One wonders too if they do anything with SS7.
Of course, they could have a dedicated fiber for their management LAN, but
due to latency issues &c I would suspect that can't be a LAN all the way
across the country...they've got to Long-Haul the management traffic
somehow, which implies packing it into a 100BaseT or whatever and then
shipping that out either packed in SONET or with other circuit-switched
traffic. Or of course, they might just have their management on something
like STS-3C POS, and the rest of their OC-48/192 carries real traffic.
Anyone know what telecom vendor NSA uses?
-TD
-TD
More information about the cypherpunks-legacy
mailing list