nanog mailing list archives

RE: Yahoogroups and Carnivore
From: Len Sassaman <rabbi () quickie net>
Date: Mon, 17 Sep 2001 13:51:00 -0700 (PDT)


On Mon, 17 Sep 2001, Patrick W. Gilmore wrote:

> My understanding is that it is not inline, it uses a "monitor port" on a
> switch which duplicates all traffic.
>
> If that is the case, then it is not a silly statement, it is factually
> correct.
>
> Can anyone confirm or deny the above?

You are correct, Patrick. Carnivore is a passive network monitor, and
passive attacks are undetectable. The only way a DCS1000 system would
interrupt your network would be if it were improperly installed. (The FBI
agent unplugs something he shouldn't, or decides to change your network
layout to get everything flowing past his Carnivore box.)

At NANOG 20, the FBI demonstrated Carnivore to the attendees. One of those
attendees was kind enough to write a report and anonymously publish it.

http://cryptome.org/carnivore-demo.htm

It's basically a sniffer with some really nice filtering and
post-processing. By filtering, I mean filtering of the data logged, not of
the data flowing through the network.


--Len.

