IP: more on -- Industry Standard Article on Carnivore

[Dave Farber <farber () cis upenn edu>]

> To: Dave Farber <farber () cis upenn edu>,
>    "Jason L. Rosensweig" <jason.rosensweig () nist gov>
> cc: mts () off to
> From: "Michael T. Stolarchuk" <mts () off to>
>
>
> Dave,
>
> i want to introduce myself for a second, i'm michael stolarchuk,
> and i've been involved with sniffing technologies for at least
> five years.
>
> i'm the last author of the core sniffing engine for NFR,
> Network Flight Recorder, and before that, I was involved
> in a project to perform packet sniffing for Honeyman's
> packet vault at citi of the University of Michigan ...
>
> i belive that qualifies me as a good source of information,
> if not an expert...  because of my background i have
> good knowledge of what sniffing technologies can do,
> and what they can't do...
>
> I have issue with in the article from mr.Rosensweig... specifically:
>
>         Carnivore can pick up only the packets that use the Internet protocol
>         address to which the FBI has been granted access by court order, 
> Kerr said.
>
>
> Now, as all of us know, if you can sniff the packets, then all
> the traffic is available for `Carnivore'.  I don't see any
> guarantees that it will ONLY review mesages that its supposed to
> collect.   I believe the `agency' be would be reluctant to
> allow the interpositioning of some device which would guarantee the
> safety of the data which Carnivore would see...  After all, such
> a device may very well discard the very data which the `agency'
> is trying to locate.
>
> In addition, i would guess many of the machine which the agency
> would want to monitor would likely NOT have a single fixed
> IP address.. If that isn't the case, then they are sniffing
> from some mail intermediary, which implies they have access
> to *ALL* the mail which is available at that ISP, not just
> the mail from some particular machine.
>
>
> mts.