undefined | Better HN

0 pointsnoir_lord5y ago0 comments

> including the backups coming in from customers.

Which are encrypted in flight...if they aren't then anyone on the 30 machines between customer and final destination can also see the backups coming in from customers.

0 comments

sideshowmel5y ago

True, but the packets in-flight can take different routes. If you have a machine on the switch, you know you've captured all the packets that were in-flight. This make it easier to break the encrypted packets.

It's a choice--everything in security is a risk-management assessment, but I'm surprised rsync.net was able to get so many security certifications with this setup.

noir_lordOP5y ago

> If you have a machine on the switch, you know you've captured all the packets that were in-flight.

Same applies if someone takes over the firewall, machine on the last hop before they hit port 22.

In a world where stuff like this https://www.helpnetsecurity.com/2020/09/01/zero-day-cisco-en... routinely happens there is a benefit to forgoing all of that when it makes sense.

mcosta5y ago

# tcpdump -i eth0

tcpdump: eth0: You don't have permission to capture on that device

(socket: Operation not permitted)

j / k navigate · click thread line to collapse