This is a good point; unless your taping your traffic and examining it for anything outside of the norm then would you ever see it? However, we are talking transport protocols, no? I would certainly hope the OOB network was monitored and controlled. Hmm.....a network of clients/servers strategically located at Huewai POPS with a sole pupose of creating sessions destined for control servers so as to create the ability to inject payload into packets that are actually destined for where you want the data to go. On Thu, Jun 13, 2013 at 11:42 AM, Leo Bicknell <bicknell@ufp.org> wrote:
On Jun 13, 2013, at 11:35 AM, Patrick W. Gilmore <patrick@ianai.net> wrote:
Also, I find it difficult to believe Hauwei has the ability to do DPI or something inside their box and still route at reasonable speeds is a bit silly. Perhaps they only duplicate packets based on source/dest IP address or something that is magically messaged from the mother ship, but I am dubious.
This could be a latent, not used feature from _any_ vendor.
A hard coded backdoor password and username. A sequence of port-knocking that enables ssh on an alternate port with no ACL. Logins through that mechanism not in syslog, not in the currently logged in user table, perhaps the process(es) hidden from view.
Do we really trust Cisco and Juniper more than Hueawei? :)
-- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
-- Phil Fagan Denver, CO 970-480-7618