Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: XKeyscore sees 'nearly EVERYTHING you do
From: Grandma Eubanks <tborland1 () gmail com>
Date: Sun, 11 Aug 2013 19:39:57 -0500


On Sun, Aug 11, 2013 at 2:47 PM, Michal Purzynski <michal () rsbac org> wrote:

 On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:

TAPs are no longer physical devices a spy installs on a wire somewhere.
NSA picks this up remotely via a very secret SNMP command. I explained
this in detail here:

  I been in networking since 1996...

And never got my 5 minutes of fame, so decided to try here. Bad idea, I
would say, too many smart people here.

That's actualy a very laughable, so I enjoyed it!

So, NSA throws a super secret black boxes everywhere. They have to be
black, so the spy-climate is dense enough.

You are in networking from so long, tell me than. In order to intercept a
lot of traffic, would you rather do it like described and spent lots of
money, do a lots of cabling (packets needs them, you know?) and maintain
tons of the boxes, or just tap fibres and get the same packets wholesale?

That would be a very, very bad design to do the number 1 design. Taping is
just easier and there's less people involved.

Also, that's even more funny, because we actualy know that SNMP and MIB
are for and it just blowns your story. How do you monitor packets via SNMP?
Say, you have your top secret command and the router/switch/firewall starts
shipping packets to NSA... but WHERE? How do they appear on a target box?
Magic? UFO? Mind reading?

You would need a CABLE from MANY devices to your collecting server. Too
many of them to make it possible. Kind of a span port I guess. But you
would overflow it quickly, too. So you need many span ports from each of
the devices... so many that next time I make a business plan and buy a new
network gear, I will have to factor that in and add a "we need 10 more
ports for NSA, but don't ask about it".

BTW, I've figured out the Top Super Secret Umbra Venona key. It's
described here, in plaintext.


Now, NSA will have all of us killed. Too bad I'm in the car, might be able
to escape. Let me turn off all my cellphones or even throw them away, just
in case. Or maybe abandon my car, and walk - looking over my shoulder from
time to time and taking a circular route.

So, you don't need a secret SNMP command, you can just configure your span
port / mirroring port. In order to intercept that amount of traffic you
would need to span so many devices that it's impossible. See also the span
port overflow remark.

Oh and bad shoot with the "MIBs" too. They are just ... numbers
representing what kind of info do you want (more or less). There's no magic

Of course, because you need so many span ports, it's a worldwide
conspiracy among most of the ISP network engineers - someone has to connect
the cable, you know. Or is the cable translucent and invisible? And
connected to the invisible port, too? Now I feel that all these years I've
been working at ISP I was missing out a lot of crazy and fancy work!

SURE they are intercepting lots of data, but doing it in a most smart and
efficient way possible - they got some Big Brainz behind it, too.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]