Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
"I think it would be far easier if WAN protocols were plain GBit Ethernet." WAN won't be 1GbE, but it will probably be 10GbE with SONET framing, or else OC-192c POS (ie, PPP-encapsulated HDLC-framed MPLS). In either case, I suspect it will be far cheaper in the long run to monitor a big fat pipe than to try to break out a zillion lil' tiny DS1s. -TD
From: Eugen Leitl <eugen@leitl.org> To: "J.A. Terranson" <measl@mfn.org>, cypherpunks@al-qaeda.net Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies Date: Sun, 18 Jul 2004 15:34:18 +0200
On Sun, Jul 18, 2004 at 07:50:16AM -0500, J.A. Terranson wrote:
I have seen a passive tap on a gig line used for IDS, true, but that's pretty close to the state of the art right now. There's an issue with
There are dedicated network processors, though, and one can outsource the filter bottlenecks into an FPGA board. This is still reasonably small and cheap.
getting the interfaces for the 1U Dell, and then you have the secondary issues of just how much encapsulated crap do you need to strip off, and how fast. Remember, you only get 1 shot, and you *can't* ask for more time - if your buffer runneth over, you be screwed.
It's not as easy as it feels.
I think it would be far easier if WAN protocols were plain GBit Ethernet.
-- Eugen* Leitl http://www.leitl.org ICBM: 48.07078, 11.61144 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
On Sun, 18 Jul 2004, Tyler Durden wrote:
"I think it would be far easier if WAN protocols were plain GBit Ethernet."
WAN won't be 1GbE, but it will probably be 10GbE with SONET framing, or else OC-192c POS (ie, PPP-encapsulated HDLC-framed MPLS). In either case, I suspect it will be far cheaper in the long run to monitor a big fat pipe than to try to break out a zillion lil' tiny DS1s.
-TD
OK, so Tyler [apparently] works in the business :-) Let me fill in what he left out.

Yes, the industry is moving towards MPLS over POS. That's not where it is now though. At least not for most interfaces. Right now the industry is chock full of legacy gear, mostly old fashioned ATM. You think you can just casually reassemble this crap in transit? Let's see it!

Besides that old fashioned transport diversity, we have the original problem: even if you could do it (maybe in three to five years), what are you going to do with the data you've snarfed? Backhaul it? Shove it into TB cassettes? Better keep a guy on staff to change the tray!!

None of the many obstacles currently in the way will allow this to be done on the QT. Semi-openly would be another story, as would the scenario of a smaller, say regional, ISP.

-- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF

"...justice is a duty towards those whom you love and those whom you do not. And people's rights will not be harmed if the opponent speaks out about them." Osama Bin Laden - - - "There ought to be limits to freedom!" George Bush - - - Which one scares you more?