NS&AT&T
Tyler Durden
camera_lumina at hotmail.com
Thu May 18 07:09:46 PDT 2006
Coderman wrote...
>>Of course, they could do it via SONET overhead bytes, thus
>>avoiding the flakiness and vulnerability that routers and switches still
>>seem to have.
>
>covert channels for backhaul? nah, that would still be too visible.
>especially if/when a customer puts link testing equipment on the line
>and sees something funny. SONET doesn't give you a lot of play room.
There are plenty of unused bytes in the SONET overhead, particularly at
OC-48 and OC-192 (in fact, most of the line and section overhead is empty
because the overhead bytes are only defined for the first STS-1! Not a lot
of people know that).
The problem, however, is that Line and Section layer overhead will be
terminated pretty much every time they pass through a SONET box. There's the
possibility of using the POH for control and management traffic, because
that -should- stay with the payload. In terms of visibility they could of
course encrypt those packets, possibly even using off-the-shelf VPN if they
run a short stack management channel (though 7-layer/OSI is not impossible,
given the old fondness for it in standards groups for so long).
On the other hand they could possibly just go in-band and send the
management info with their backhauled traffic, but I'm still a little
doubtful about that.
-TD