nanog mailing list archives
RE: Yahoogroups and Carnivore
From: Len Sassaman <rabbi () quickie net>
Date: Mon, 17 Sep 2001 13:51:00 -0700 (PDT)
On Mon, 17 Sep 2001, Patrick W. Gilmore wrote:
My understanding is that it is no inline, it uses a "monitor port" on a switch which duplicates all traffic. If that is the case, then it is not a silly statement, it is factually correct. Can anyone confirm or deny the above?
You are correct, Patrick. Carnivore is a passive network monitor, and passive attacks are undetectable. The only way a DCS1000 system would interrupt your network would be if it were improperly installed. (The FBI agent unplugs something he shouldn't, or decides to change your network layout to get everything flowing past his Carnivore box. At NANOG 20, the FBI demonstrated Carnivore to the attendees. One of those attendees was kind enough to write a report and anonymously publish it. http://cryptome.org/carnivore-demo.htm It's basically a sniffer with some really nice filtering and post-processing. By filtering, I mean filtering of the data logged, not of the data flowing through the network. --Len.
Current thread:
- Re: Yahoogroups and Carnivore, (continued)
- Re: Yahoogroups and Carnivore Larry Diffey (Sep 17)
- Re: Yahoogroups and Carnivore Michael Lucking (Sep 17)
- Re: Yahoogroups and Carnivore John Hasty (Sep 17)
- RE: Yahoogroups and Carnivore Benny Fischer (Sep 17)
- Re: Yahoogroups and Carnivore Bill McGonigle (Sep 17)
- Just Carnivore (was: Yahoogroups and Carnivore) Larry Diffey (Sep 17)
- Re: Just Carnivore (was: Yahoogroups and Carnivore) Len Sassaman (Sep 17)
- Re: Yahoogroups and Carnivore Michael Lucking (Sep 17)
- Re: Yahoogroups and Carnivore Larry Diffey (Sep 17)
- RE: Yahoogroups and Carnivore Cristopher Daniluk (Sep 17)
- RE: Yahoogroups and Carnivore Patrick W. Gilmore (Sep 17)
- RE: Yahoogroups and Carnivore Len Sassaman (Sep 17)
- RE: Yahoogroups and Carnivore Joel Jaeggli (Sep 17)