nanog mailing list archives

Re: Yahoogroups and Carnivore

From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 17 Sep 2001 16:21:33 -0400


In message <5.1.0.14.2.20010917155726.049e6708@127.0.0.1>, "Patrick W. Gilmore"
 writes:


At 03:42 PM 9/17/2001 -0400, Cristopher Daniluk wrote:

That's just a silly statement, it's a text processor/parser. It's another
layer. Of course its going to have an effect. On the average person, I would
venture to guess its overwhelmingly negligible, but it could very well
bottleneck someone like Yahoo.


My understanding is that it is no inline, it uses a "monitor port" on a 
switch which duplicates all traffic.

If that is the case, then it is not a silly statement, it is factually correct
.

Can anyone confirm or deny the above?


Your understanding correct.  They use a splitter, and put the 
monitoring machine on one of the legs.  (The independent review of 
Carnivore is at http://www.usdoj.gov:80/jmd/publications/carniv_entry.htm;
comments on that review are at 
http://www.crypto.com/papers/carnivore_report_comments.html)

                --Steve Bellovin, http://www.research.att.com/~smb
                                  http://www.wilyhacker.com

Current thread:

Re: Yahoogroups and Carnivore, (continued)
- Re: Yahoogroups and Carnivore Joel Jaeggli (Sep 17)
  - RE: Yahoogroups and Carnivore Cristopher Daniluk (Sep 17)
    - RE: Yahoogroups and Carnivore Patrick W. Gilmore (Sep 17)
    - RE: Yahoogroups and Carnivore Len Sassaman (Sep 17)
    - RE: Yahoogroups and Carnivore Joel Jaeggli (Sep 17)
- RE: Yahoogroups and Carnivore Daniel Golding (Sep 17)
- Re: Yahoogroups and Carnivore Andy Dills (Sep 17)
- RE: Yahoogroups and Carnivore Joe Blanchard (Sep 17)
- Re: Yahoogroups and Carnivore John Neiberger (Sep 17)
- RE: Yahoogroups and Carnivore Roeland Meyer (Sep 17)
- Re: Yahoogroups and Carnivore Steven M. Bellovin (Sep 17)
- Re: Yahoogroups and Carnivore Sean M. Doran (Sep 17)