nanog mailing list archives
Re: Yahoogroups and Carnivore
From: Bill McGonigle <mcgonigle () medicalmedia com>
Date: Mon, 17 Sep 2001 18:55:27 -0400
On Monday, September 17, 2001, at 05:46 PM, Benny Fischer wrote:
-In the FAQ they claim there is no IP stack .. so how can it have ip basedfilters to let in traffic .. or is this all done with custom software?
If they're just capturing raw ethernet, they can disassemble the packets themselves without exposing the machine to "everything-over-IP" vulnerabilities. Surprisingly good design.
Still, I can't see how they can do all the analysis with "post-processing". There's just too much data on a big ISP's net. Does it write to a monstrous tape library? I'd think they'd at least want to do packet reassembly and sequencing in memory, then some filtering, for ease of analysis. That would mean in-line software, which could, of course, be brought down with just the right malformed TCP packet sequence. Unless they have much better-than-average programmers at the FBI. Of course if they're doing any filtering at that level, they'll miss steganographic TCP sequence numbers, etc. (if someone's invented that...)
-Bill
Current thread:
- Yahoogroups and Carnivore Jay Fenello (Sep 17)
- Re: Yahoogroups and Carnivore Larry Diffey (Sep 17)
- Re: Yahoogroups and Carnivore Michael Lucking (Sep 17)
- Re: Yahoogroups and Carnivore John Hasty (Sep 17)
- RE: Yahoogroups and Carnivore Benny Fischer (Sep 17)
- Re: Yahoogroups and Carnivore Bill McGonigle (Sep 17)
- Just Carnivore (was: Yahoogroups and Carnivore) Larry Diffey (Sep 17)
- Re: Just Carnivore (was: Yahoogroups and Carnivore) Len Sassaman (Sep 17)
- Re: Yahoogroups and Carnivore Michael Lucking (Sep 17)
- Re: Yahoogroups and Carnivore Larry Diffey (Sep 17)
- RE: Yahoogroups and Carnivore Cristopher Daniluk (Sep 17)
- RE: Yahoogroups and Carnivore Patrick W. Gilmore (Sep 17)
- RE: Yahoogroups and Carnivore Len Sassaman (Sep 17)
- RE: Yahoogroups and Carnivore Joel Jaeggli (Sep 17)
- <Possible follow-ups>
- RE: Yahoogroups and Carnivore Joe Blanchard (Sep 17)