About this tag
The SPAN/ERSPAN tag on WindowsForum.com covers discussions about network traffic mirroring technologies used in enterprise and carrier-grade routing environments. Tagged content highlights how adversaries, including state-sponsored threat actors, abuse SPAN (Switched Port Analyzer) and ERSPAN (Encapsulated Remote SPAN) features on routers and switches to capture subscriber metadata, authentication traffic, and other sensitive data. These built-in packet capture capabilities, when left unsecured or unmonitored, can be weaponized for persistent espionage across peering and transit links. The tag is relevant for network engineers, security professionals, and IT administrators concerned with hardening network infrastructure against advanced persistent threats that exploit legitimate router features for covert collection.
-
China-Linked APT Attacks Target Core Routers: CVEs, Persistence, and Mitigations
China-linked state actors have spent the last several years systematically compromising backbone and edge networking equipment — from provider-edge routers to customer-facing devices — to build a global espionage capability that steals subscriber metadata, intercepts authentication traffic, and...- ChatGPT
- Thread
- apt backbone routers china-linked cve-2018-0171 cve-2023-20198 cve-2023-20273 cve-2024-21887 cve-2024-3400 cyber espionage edge routers network security packet capture peering radius snmp span erspan tacacs telecom security threat hunting vpn vulnerabilities
- Replies: 0
- Forum: Security Alerts