It’s the “remote capture” that scares me.
I was testing some Meraki kit, called their NOC to try to debug some Radius
issues, tech tells me “oh yes, I can see your traffic going hither and yon
between the test client and test server that are both in your office, and
looking at the packet contents I can see ….”
With Ruckus (or almost any other) gear, I have to either open up a hole through
my firewall or grab the packet traces and send them to the tech folk. They
don’t have uncontrolled access to my internal traffic out of the box.
paul
> On Feb 4, 2015, at 8:31 AM, Ray Soucy <[email protected]> wrote:
>
> Honestly, in a lot of cases you don't even need a device to support
> packet capture as a feature to add it as a feature once its
> compromised. This is just FUD IMHO.
>
> On Wed, Feb 4, 2015 at 7:24 AM, Paul Nash <[email protected]> wrote:
>>> I love the built-in remote packet captures,
>>
>> You, the NSA, and lots and lots of hackers, ALL love the remote packet
>> capture. If Meraki support can turn it on, so can someone who penetrates
>> their systems (by getting a job there or by hacking), and then they get to
>> see everything happening INSIDE your network. Not just your WAN traffic,
>> which would be bad enough.
>>
>> paul
>
>
>
> --
> Ray Patrick Soucy
> Network Engineer
> University of Maine System
>
> T: 207-561-3526
> F: 207-561-3531
>
> MaineREN, Maine's Research and Education Network
> www.maineren.net
