Re: New Rules On Internet Wiretapping Challenged

[Vicky Rode <vickyr () socal rr com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

in-line:

Adam Chesnutt wrote:
> This whole thread is silly! It's not hard to trap and trace a suspect. 
> It doesn't require a "Whole new generation of routers and switches"
- --------------
That was exactly my understanding but I think it goes beyond that.

> Correct me if I'm wrong here, but it seems to me that it's a fairly 
> trivial task to mirror and upstream, and isolate the traffic required. 
> I've performed such taps before and usually find it to easily performed 
> with a single FreeBSD box, and a mirrored port on the router.
- ---------------
true enough.


> Or maybe I'm just missing the point of this thread.
- ---------
You might want to take a look at rfc 2804 for some background.


regards,
/virendra

> Flounder
>
>
> Vicky Rode wrote:
>
>
> comments in-line:
>
>
> Peter Dambier wrote:
>  
>
>
> > Vicky Rode wrote:
>
>
>
>
> > > ...Raising my hand.
>
> > > My question is on Terry Hartle's comments, maybe someone with more
> > > insight into this could help clear my confusion.
>
> > > Why would it require to replace every router and every switch when my
> > > understanding is, FCC is looking to install *additional* gateway(s) to
> > > monitor Internet-based phone calls and emails.
> > >     
>
>
> > In a datacenter you have lines coming in and lines going out. And you
> > have internal equippment.
>
> > You have to eavesdrop on all of this because the supposed terrorist
> > might come in via ssh and use a local mail programme to send his email.
>
>
>
> --------------
> How do you differentiate between a hacker and a terrorist?
>
> For all you know this so called "terrorist" might be coming from a
> spoofed machine(s) behind anyone's desk.
>
>
>  
>
>
> > So you have to eavesdrop on all incoming lines because you dont know
> > where he comes in. Via aDSL? via cable modem? Via a glass fiber?
>
> > And you have to monitor all internal switches because you dont know
> > which host he might have hacked.
>
> > Guess a cheap switch with 24 ports a 100 Mbit. That makes 2.4 Gig.
> > You have to watch all of these. They can all send at the same time.
> > Your switch might have 1 Gig uplink. But that uplink is already in
> > use for your uplink and it does not even support 2.4 Gig.
>
>
>
> -------------
> There are ways to address over-subscription issues.
>
>
>  
>
>
> > How about switches used in datacenters with 48 ports, 128 ports, ...
> > Where do you get the capacity for multiple Gigs just for eavesdropping?
>
> > On the other hand - most switches have a port for debugging. But this
> > port can only listen on one port not on 24 or even 48 of them.
>
> > So you have to invent a new generation of switches.
>
>
>
> ----------------
> I don't believe this is the primary reason for replacing every router
> and every switch.
>
> I think (correct me if I'm wrong) it has to do with the way wiretap
> feature (lack of a better term) that .gov is wanting vendors to
> implement within their devices, may be at the network stack level.
>
> I guess it's time to revisit rfc 2804.
>
>
>  
>
>
> > How about the routers? They are even more complicated than a switch.
>
> > As everybody should know by now - every router can be hacked. So
> > your monitoring must be outside the router.
>
> > The gouvernment will offer you an *additional* gateway.
> > I wonder what that beast will look like. It must be able to take
> > all input you get from a glass fiber. Or do they ask us to get
> > down with our speed so they have time to eavesdrop.
>
>
>
> -----------------
> powered by dhs w/ made in china sticker :-)
>
> I'm not being smarty pants about this...it is actually happening. That's
> all I can say.
>
>
>
> regards,
> /virendra
>
>  
>
>
>
>
>
> > > I can see some sort of
> > > network redesign happening in order to accodomate this but replacing
> > > every router and every switch sounds too drastic, unless I
> > > mis-understood it. Please, I'm not advocating this change but just
> > > trying to understand the impact from an operation standpoint.
>
> > >     
>
>
> > Yes, it is drastic. But if they want to eavesdrop that is the only
> > way to do it.
>
>
>
>
>
> > > Any insight will be appreciated.
>
>
>
> > > regards,
> > > /virendra
>
> > >     
>
>
> > Here in germany we accidently have found out why east germany had
> > to finally give up:
>
> > They installed equippement to eavesdrop and tape on every single
> > telefone line. They could not produce enough tapes to keep up
> > with this :)
>
> > Not to mention what happened when they "recycled" the tapes and
> > did not have the time to first erase them :)
>
>
> > Kind regards,
> > Peter and Karin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDakYzpbZvCIJx1bcRAv2XAKDxgQqfs+nZMrUCR7zyKATJjfEBbgCg9/lu
N7waCSlgruy6yecfnFwO17M=
=1vBJ
-----END PGP SIGNATURE-----