nanog mailing list archives

Re: What's the best way to wiretap a network?


From: William Allen Simpson <wsimpson () greendragon com>
Date: Tue, 20 Jan 2004 16:02:05 -0500


Eriks Rugelis wrote:

On the other hand, if your environment consists of a large number (100's) of
potential tapping points, then you will quickly determine that in-line taps
have very poor scaling properties.
        a) They are not rack-dense
        b) They require external power warts
        c) They are not cheap (in the range of US$500 each)
        d) Often when you have that many potential tapping points, you are
likely to be processing a larger number of warrants in a year.  An in-line
tap arrangement will require a body to physically install the recording
equipment and cables to the trace-ports on the tap.  You may also need to
make room for more than one set of recording gear at each site.

This is a feature, not a bug.  Law enforcement is required to pay -- 
up front -- all costs of tapping.  No pay, no play.  


Large-scale providers will probably want to examine solutions based on
support built directly into their traffic-carrying infrastructure (switches,
routers.)

You should be watchful for law enforcement types trying to dictate a 'solution'
which is not a good fit to your own business environment.  There are usually
several ways of getting them the data which they require to do their jobs.

Whatever they are willing to pay for -- a good fit for the business 
environment is the largest effort and highest cost, as the overhead 
and administrative charges should be enough to be profitable.
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

