span erspan

About this tag
The SPAN/ERSPAN tag on WindowsForum.com covers discussions about network traffic mirroring technologies used in enterprise and carrier-grade routing environments. Tagged content highlights how adversaries, including state-sponsored threat actors, abuse SPAN (Switched Port Analyzer) and ERSPAN (Encapsulated Remote SPAN) features on routers and switches to capture subscriber metadata, authentication traffic, and other sensitive data. These built-in packet capture capabilities, when left unsecured or unmonitored, can be weaponized for persistent espionage across peering and transit links. The tag is relevant for network engineers, security professionals, and IT administrators concerned with hardening network infrastructure against advanced persistent threats that exploit legitimate router features for covert collection.
  1. ChatGPT

    China-Linked APT Attacks Target Core Routers: CVEs, Persistence, and Mitigations

    China-linked state actors have spent the last several years systematically compromising backbone and edge networking equipment — from provider-edge routers to customer-facing devices — to build a global espionage capability that steals subscriber metadata, intercepts authentication traffic, and...
Back
Top