nanog mailing list archives

Re: White House to Propose System for Wide Monitoring of Internet (fwd)

From: chuck goolsbee <chucklist () forest net>
Date: Sat, 21 Dec 2002 12:53:05 -0800

Also, if you want to monitor massive amounts of data (something
people say can't be done easily) you just demux it using a device
like those at www.toplayer.com, or
http://www.radware.com/content/products/fire.asp .
Both solutions are adequate for breaking up massive amounts
of data.

I could write snort signatures that will trigger
a session to be re-routed based on packet content. It's fugly,
but if I can do it in my basement, a multi-billion dollar
agency acting on behalf of the only global superpower can
probably think up something a little more elegant. :)

The problem with this argument is you have to know exactly what youare looking for *before* the event. Foresight is almost never 20/20.


How many times have we all encountered a variation of the following?:

1. Get a call from an FBI agent (or insert any other gov't agency)
2. Play phone tag for a week.
3. Finally get each other on the phone.
4. Special Agent So&so requests a log file or packet trace from X months ago.
        The value of X usually = 6 months or more.
        Only when it was a murder case have I seen a request
        come in under 3 months.
5. Laugh and say... "OK, we'll try."
6. Dig and Dig... if lucky, find a 200+ megabyte log file.
7. Call agent back, offer to FTP/burn to a CD and send.
8. Agent replies: "Can you look at it for us, we are real busy."
9. Reply: "Uh... so are we, we'll let you know if we have a minute..."
10. Lather, rinse, repeat.


I have personally had this exact scenario play out four times so far in 2002.

That said, the way we have chosen to empower our government to act isas a tool of justice (after the act), not prevention. I have noproblem with that setup, and really don't like the 'shoot first, asklater" direction drift of the current administration.

Too many packets, not enough time, too many cooks in the government'skitchen all looking over their shoulders at all the *other* cooks andclosely guarding their little corner of counter space and utensils.


Nothing to see, carry on...


--chuck

<insert ironic sig>....
--
____________________________________________________________
Were there mistakes? Yes. Only those who don't act don't make
mistakes. But to organize well --- *that* is a difficult task.
                                    -- Lenin, April 24, 1917

Current thread:

Re: White House to Propose System for Wide Monitoring of Internet (fwd), (continued)
- - - Re: White House to Propose System for Wide Monitoring of Internet (fwd) Stephen Sprunk (Dec 23)
    - Re: White House to Propose System for Wide Monitoring of Internet (fwd) batz (Dec 23)
    - Re: White House to Propose System for Wide Monitoring of Internet (fwd) Richard Forno (Dec 23)
    - Whoops! (re: WH network monitoring plan response) Richard Forno (Dec 24)
    - Re: Whoops! (re: WH network monitoring plan response) Valdis . Kletnieks (Dec 24)
    - Re: Whoops! (re: WH network monitoring plan response) Marshall Eubanks (Dec 24)
    - Acceptable Losses (was Re: Whoops! (re: WH network monitoring plan response)) Sean Donelan (Dec 24)
    - RE: White House to Propose System for Wide Monitoring of Internet(fwd) err, make that (fud) Al Rowland (Dec 24)
    - Re: White House to Propose System for Wide Monitoring of Internet Sean Donelan (Dec 20)
    - Message not available
    - Re: White House to Propose System for Wide Monitoring of Internet (fwd) blitz (Dec 20)
  - Re: White House to Propose System for Wide Monitoring of Internet (fwd) chuck goolsbee (Dec 21)
- Fw: Re: White House to Propose System for Wide Monitoring of Internet (fwd) Fred Heutte (Dec 20)
  - Re: Fw: Re: White House to Propose System for Wide Monitoring of Internet (fwd) blitz (Dec 21)