Re: Yahoogroups and Carnivore
From: Bill McGonigle <mcgonigle () medicalmedia com>
Date: Mon, 17 Sep 2001 18:55:27 -0400

On Monday, September 17, 2001, at 05:46 PM, Benny Fischer wrote:

> -In the FAQ they claim there is no IP stack .. so how can it have ip
> filters to let in traffic .. or is this all done with custom software?

If they're just capturing raw ethernet, they can disassemble the packets
themselves without exposing the machine to "everything-over-IP"
vulnerabilities. Surprisingly good design.

Still, I can't see how they can do all the analysis with
"post-processing". There's just too much data on a big ISP's net. Does
it write to a monstrous tape library? I'd think they'd at least want to
do packet reassembly and sequencing in memory, then some filtering, for
ease of analysis. That would mean in-line software, which could, of
course, be brought down with just the right malformed TCP packet
sequence. Unless they have much better-than-average programmers at the
FBI. Of course if they're doing any filtering at that level, they'll
miss steganographic TCP sequence numbers, etc. (if someone's invented
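
An added illustration, not part of the original message and not code from any real collection system: a user-space parser that disassembles captured Ethernet frames by hand, with no IP stack involved, and rejects truncated or inconsistent headers instead of crashing on them. The function names (`parse_frame`, `select`, `build_frame`), the addresses and the sample frame are constructed for this example; checksums are not verified and fragments are skipped rather than reassembled.

```python
import socket
import struct

def parse_frame(frame: bytes):
    """Return (src_ip, dst_ip, sport, dport, seq, payload), or None if not clean IPv4/TCP."""
    if len(frame) < 14 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                      # runt frame or not IPv4
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4             # header length claimed by the sender
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        return None                      # lengths disagree with the captured bytes
    frag = struct.unpack_from("!H", ip, 6)[0]
    if ip[9] != 6 or (frag & 0x3FFF):    # not TCP, or MF flag / fragment offset set
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    doff = (tcp[12] >> 4) * 4            # TCP data offset, also sender-controlled
    if doff < 20 or doff > len(tcp):
        return None
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            sport, dport, seq, tcp[doff:])

def select(frames, watched):
    """Keep only parsed segments whose source or destination IP is in `watched`."""
    parsed = (parse_frame(f) for f in frames)
    return [p for p in parsed if p and (p[0] in watched or p[1] in watched)]

def build_frame(src, dst, sport, dport, seq, payload):
    """Construct a sample Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02" + b"\x08\x00"
    return eth + ip + tcp

if __name__ == "__main__":
    good = build_frame("192.0.2.10", "198.51.100.7", 40000, 25, 1000, b"HELO\n")
    bad = bytearray(good); bad[14] = 0x4F          # IHL claims 60 bytes of header
    print(select([good, bytes(bad), good[:30]], {"198.51.100.7"}))
```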