Another thing worth thinking about is the control channels they must use to update the policies to one of these boxes. It's obviously in-band. One wonders if one could tap one of the fibers and find the packet stream they use to program one of these things.
what makes you say this? i'd be surprised if the control channel is pulled from the monitored flows. you need bidirectional transport, for control and backhaul, among other reasons.
maybe we'll find out when congress/judiciary orders the devices removed? *cough*
Hum...it's interesting to think about this. I assumed the control channel would be in-band for several reasons, all of which may be wrong.

Let me first of all clarify, in case it wasn't clear: I'm talking about downloading the policies that will 'program' what the Narus box looks at and how it will respond. The Narus box itself likely needs its own control channel to upgrade its own software and do OAM&P, and this will probably be over the SONET DCC overhead. But the policies themselves, I think, could be in band. Consider:

1) The Narus box already does layer 4: Since it's already opening up the STS-Nc container and reading the packets, seems trivial for them to grab their own control stream out of that.

2) Depending on the architecture, if the packets are in-band then they don't need to worry about getting their control channel terminated by putting it into SONET overhead. Of course, the path overhead might actually survive untouched the whole way, but that would prevent them from terminating at an intermediate router (which they might want the option to do so as to prevent backhauling a whole nation's worth of traffic).

3) Although not a BIG deal, if they used SONET overhead they would have to put their channel into unused overhead bytes. Some chipsets do that, but it's a constraint better avoided for various reasons (including rare interoperability issues if someone else along the way is using the same bytes for something).

I don't understand the comment about bidirectional transport...this is necessary anyway, no? At least the DCC of SONET NEs need bidirectional or the SONET router (yes, there's a tiny OSI router inside SONET SEs) will declare the DCC down. Or maybe I misunderstand you...

Of course, some of these considerations go away somewhat if NSA simply backhauls all the traffic over a proprietary coast-to-coast optical network, which is not inconceivable.
-TD