NS&AT&T

[Tyler Durden]

Coderman wrote...

>>Of course, they could do it via SONET overhead bytes, thus
>>avoiding the flakiness and vunerability that routers and switches still 
>>seem
>>to have.
>
>covert channels for backhaul?  nah, that would still be too visible.
>especially if/when a customer puts link testing equipment on the line
>and sees something funny. SONET doesn't give you a lot of play room.

There are plenty of unused bytes in the SONET overhead, particularly at 
OC-48 and OC-192 (in fact, most of the line and section overhead is empty 
because the overhead bytes are only defined for the first STS-1! Not a lot 
of people know that).

The problem, however, is that Line and Section layer overhead will be 
terminated pretty much every time they pass through a SONET box. There's the 
possibility of using the POH for control and management traffic, because 
that -should- stay with the payload. In terms of visibility they could of 
course encrypt those packets, possibly even using off-the-shelf VPN of they 
run a short stack management channel (though 7-layer/OSI is not impossible, 
given the old fondness for it in standards groups for so long).

On the other hand they could possibly just go in-band and send the 
management info with their backhauled traffic, but I'm still a little 
doubtful about that.

-TD