Home page logo
/

nanog logo nanog mailing list archives

Re: Yahoogroups and Carnivore
From: "Steven M. Bellovin" <smb () research att com>
Date: Mon, 17 Sep 2001 16:21:33 -0400


In message <5.1.0.14.2.20010917155726.049e6708 () 127 0 0 1>, "Patrick W. Gilmore"
 writes:

At 03:42 PM 9/17/2001 -0400, Cristopher Daniluk wrote:
That's just a silly statement, it's a text processor/parser. It's another
layer. Of course its going to have an effect. On the average person, I would
venture to guess its overwhelmingly negligible, but it could very well
bottleneck someone like Yahoo.

My understanding is that it is no inline, it uses a "monitor port" on a 
switch which duplicates all traffic.

If that is the case, then it is not a silly statement, it is factually correct
.

Can anyone confirm or deny the above?


Your understanding correct.  They use a splitter, and put the 
monitoring machine on one of the legs.  (The independent review of 
Carnivore is at http://www.usdoj.gov:80/jmd/publications/carniv_entry.htm;
comments on that review are at 
http://www.crypto.com/papers/carnivore_report_comments.html)

                --Steve Bellovin, http://www.research.att.com/~smb
                                  http://www.wilyhacker.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault