Re: XKeyscore sees 'nearly EVERYTHING you do
From: Michal Purzynski <michal () rsbac org>
Date: Sun, 11 Aug 2013 21:47:30 +0200
On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:
> TAPs are no longer physical devices a spy installs on a wire somewhere.
> NSA picks this up remotely via a very secret SNMP command. I explained
> this in detail here:
> I've been in networking since 1996...
And never got my 5 minutes of fame, so decided to try here. Bad idea, I
would say, too many smart people here.
That's actually very laughable, so I enjoyed it!
So, NSA throws super secret black boxes everywhere. They have to be
black, so the spy-climate is dense enough.
You have been in networking for so long, tell me then. In order to intercept
a lot of traffic, would you rather do it like described and spend lots
of money, do lots of cabling (packets need them, you know?) and
maintain tons of the boxes, or just tap fibres and get the same packets
That would be a very, very bad design to do the number 1 design. Tapping
is just easier and there are fewer people involved.
Also, that's even more funny, because we actually know what SNMP and MIB
are for and it just blows your story. How do you monitor packets via
SNMP? Say, you have your top secret command and the
router/switch/firewall starts shipping packets to NSA... but WHERE? How
do they appear on a target box? Magic? UFO? Mind reading?
You would need a CABLE from MANY devices to your collecting server. Too
many of them to make it possible. Kind of a span port I guess. But you
would overflow it quickly, too. So you need many span ports from each of
the devices... so many that next time I make a business plan and buy
new network gear, I will have to factor that in and add a "we need 10
more ports for NSA, but don't ask about it".
BTW, I've figured out the Top Super Secret Umbra Venona key. It's
described here, in plaintext.
Now, NSA will have all of us killed. Too bad I'm in the car, might be
able to escape. Let me turn off all my cellphones or even throw them
away, just in case. Or maybe abandon my car, and walk - looking over my
shoulder from time to time and taking a circular route.
So, you don't need a secret SNMP command, you can just configure your
span port / mirroring port. In order to intercept that amount of traffic
you would need to span so many devices that it's impossible. See also
the span port overflow remark.
Oh and bad shot with the "MIBs" too. They are just ... numbers
representing what kind of info you want (more or less). There's no
Of course, because you need so many span ports, it's a worldwide
conspiracy among most of the ISP network engineers - someone has to
connect the cable, you know. Or is the cable translucent and invisible?
And connected to the invisible port, too? Now I feel that all these
years I've been working at ISP I was missing out a lot of crazy and
SURE they are intercepting lots of data, but doing it in the smartest
and most efficient way possible - they got some Big Brainz behind it, too.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/