Home page logo

nanog logo nanog mailing list archives

Just Carnivore (was: Yahoogroups and Carnivore)
From: "Larry Diffey" <ldiffey () technologyforward com>
Date: Mon, 17 Sep 2001 16:22:09 -0700

Supposedly Carnivore only targets specific kinds of traffic and doesn't
really monitor everything at once.  It's not like (again, supposedly)
Echelon that examines everything and then red flags certain items.
Carnivore is only looking for certain things.  Also, there is no outside
access to it.  Someone has to physically come in and remove the mass media
(what ever that may be: more than likely a hard drive).

My guess is, Carnivore actually sounds a lot more threatening than it is.
Still a violation of civil liberties as far as I'm concerned but it's bark
is worse than it's bite.  Especially since everyone has heard of it and
there are ways around it.

Let's see, I want to send email to someone but I want it to be completely
anonymous.  I go to safeweb.com or any other anonomizer and get myself a
hotmail address.  I then send it to the recipient with PGP encoded text.  He
logs on to hotmail through anonomizer and retrieves it, decodes it and reads
it.  If I was really smart I'd bounce around a couple of other proxies while
I was at it.

Carnivore? Toothless!

Larry Diffey
Technology Forward
I speak for my employer because I speak for myself.

----- Original Message -----
From: "Bill McGonigle" <mcgonigle () medicalmedia com>
To: "Benny Fischer" <benny () infinet-is com>
Cc: <nanog () merit edu>
Sent: Monday, September 17, 2001 3:55 PM
Subject: Re: Yahoogroups and Carnivore

On Monday, September 17, 2001, at 05:46 PM, Benny Fischer wrote:

-In the FAQ they claim there is no IP stack .. so how can it have ip
filters to let in traffic .. or is this all done with custom software?

If they're just capturing raw ethernet, they can disassemble the packets
themselves without exposing the machine to "everything-over-IP"
vulnerabilities.  Surprisingly good design.

Still, I can't see how they can do all the analysis with
"post-processing".  There's just too much data on a big ISP's net.  Does
it write to a monstrous tape library?  I'd think they'd at least want to
do packet reassembly and sequencing in memory, then some filtering, for
ease of analysis.  That would mean in-line software, which could, of
course, be brought down with just the right malformed TCP packet
sequence.  Unless they have much better-than-average programmers at the
FBI.  Of course if they're doing any filtering at that level, they'll
miss steganographic TCP sequence numbers, etc. (if someone's invented


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]