CDR: Re: Carnivore All-Consuming

Jim Dixon jdd at vbc.net
Sun Nov 19 19:34:01 PST 2000


On Sun, 19 Nov 2000, Steve Schear wrote:

> >There are at least two problems: processing power and network
> >architecture.
> >
> >As regards the first, our customers, many of them smaller ISPs,
> >find it necessary to employ NT clusters to handle subsets of their
> >traffic (Usenet news, Web proxies, and so forth).  So it is
> >difficult to believe that a single NT box could monitor their
> >entire traffic load.
> 
> A PC, using off-the-shelf HW, is capable of filtering a full 100 Mbps link 
> (144K packets/sec) as demonstrated by the BlackICE products 
> http://www.networkice.com/html/blackice_sentry.html

First, like any other manufacturer's claims, these should be treated
with some skepticism.

Second, this is an intrusion detection system.  I suspect that they
are looking for something simpler than what Carnivore is trying to 
detect.

Third, even if you believe that they can really analyse data at 
100 Mbps, this still doesn't give them the ability to handle more 
than one PoP with two DS3 connections.  This is still orders of 
magnitude away from being able to handle a major site with 
multiple 2.5G connections, let alone all of the traffic handled by 
a major ISP.

The original claim was that Carnivore could monitor all of an ISP's 
traffic.  This isn't true for most ISPs.  And the amazing growth 
rates that we are seeing in bandwidth and network complexity make it
exceedingly unlikely that Carnivore or anything like it will ever 
catch up.

Qwest deployed 14,000 miles of fibre some years ago.  This was
packaged as conduits carrying 48 fiber pairs, each pair using 
wave division multiplexing to carry 8 to 16 optical channels, with
each channel running at 10 Gbps.  That's 160 Gbps per fiber, 
7,680 Gbps per conduit.  Qwest is one of many carriers.  160 Gbps
over a fiber pair isn't state of the art.  Qwest has many conduits.

If a PC can monitor 100M of bandwidth, it would take, uhm, about
seventy seven thousand PCs to monitor one of Qwest's conduits.  Not
that I believe that one PC can monitor traffic at 100 Mbps.

> >The overall capacity and the complexity of the Internet is increasing
> >at an explosive rate.  For better or for worse, this far exceeds the
> >growth in any government's capability of monitoring Internet traffic.

--
Jim Dixon                  VBCnet GB Ltd           http://www.vbc.net
tel +44 117 929 1316                             fax +44 117 927 2015