[Cryptography] DSL modems - how would we detect wholesale subversion?

David Mercer radix42 at gmail.com
Tue Oct 29 14:27:00 EDT 2013


On Tue, Oct 29, 2013 at 3:56 AM, John Gilmore <gnu at toad.com> wrote:

> > Many DSL modems contain a small switch, which if it's the only switch
> > in a small home or office network, would make all packets among local
> > nodes accessible to malware running in that DSL modem.
>
> And most DSL modems are provided by your giant telco DSL provider --
> such as AT&T -- which we already know has a long history of covertly
> sucking up to NSA.  Besides their longstanding cooperation on domestic
> and foreign fiber taps, they also produced the first-and-only Clipper
> Chip subverted "telephone security device" for making voice calls that
> "nobody but NSA" could listen to.  How hard would it be, really, for
> them to subvert all their DSL modems to wiretap your LAN?
>

Easier than you think. Nearly all DSL modems use the ATM protocol to
connect to the telco network. The ATM switch, if not the modem itself, can
usually be configured to set up virtual circuits that mirror traffic from an
interface or another virtual circuit.

So all that would be needed is for your local Older Brother to get the
telco to set up their network to allow them to turn up virtual circuits that
are pre-configured to send either local LAN switchport traffic or mirror your
WAN traffic. It's a config option, no subversion needed. My past life in
network engineering let me confirm in a minute or 3 via Google that at
the very least Juniper gear can do this. I doubt Cisco would leave out such
a feature. There are of course non-surveillance use cases given for all
such things.

And we're now off in infosec land off of the crypto path, and I'll just
leave it there.

-David Mercer