If this has been covered already, appologies.. In regards to comments about BGP and OSPF being used to re-route traffic, this can be done easily with a TACACS+ or RADIUS profile. These service authenticate users, and allocate netblocks/routes to connections. This means that they alter the routing tables on a per-user basis, as a basic part of their functionality. Sound familiar? If not, I recommend looking at UUNet's presentation of CenterTrack, their tool for tracking DDoS attacks which, with some imagination, could be used for a host of other things. CenterTrack http://www.nanog.org/mtg-9910/robert.html Also, one of the common misconceptions about traffic monitoring is that the sniffer is also a router, or is storing and forwarding the packets in some statefull manner. This is not the case at all. It only requires a simple vlan entry to mirror, or even just put a port the same vlan membership as the link you are monitoring. A CenterTrack-like system makes it easy to monitor on a user by user basis, almost undetectably. With this granularity, the amount of traffic monitored can be substantially reduced by only re-routing single, or blocks of users through a system like CenterTrack, while excluding high bandwidth customers, and non-targets. Carnivore != Echelon. There are serious jurisdictional issues faced by LEA's that discourage direct collaboration between spooks and feds, to say the least. There are rumours that Coral and other flow management tools (found at CAIDA.org) were directly linked to the development of a carnivore-like system. These are unsubstantiated hearsay from irc, and like most great conspiracy stories it hinges on the improbable, but creepily possible. The technology shouldn't be a suprise to anyone with a networking background, or anyone that can legitimately lay claim to the title of BOFH. I think people should be suprised at the grey areas in wiretap laws as they relate to ISP's. There are great people in law enforcement who do phenomenal work. They provide a critical and often thankless job to the public and their country. If they are going to do their jobs as best they know how, alot of red tape is going to have to be cut. Unfortunately, that red tape is also your freedom, your rights, and your quality of life. Regards, -- batz Reluctant Ninja Defective Technologies