CDR: Re: Carnovore All-Consuming

batz batsy at vapour.net
Mon Nov 20 06:08:20 PST 2000 

If this has been covered already, appologies.. 

In regards to comments about BGP and OSPF being used to re-route
traffic, this can be done easily with a TACACS+ or RADIUS profile. 
These service authenticate users, and allocate netblocks/routes to 
connections.
This means that they alter the routing tables on a per-user basis, as
a basic part of their functionality. 

Sound familiar? If not, I recommend looking at UUNet's presentation
of CenterTrack, their tool for tracking DDoS attacks which, with
some imagination, could be used for a host of other things. 

CenterTrack
http://www.nanog.org/mtg-9910/robert.html

Also, one of the common misconceptions about traffic monitoring
is that the sniffer is also a router, or is storing and forwarding
the packets in some statefull manner. This is not the case at all. 

It only requires a simple vlan entry to mirror, or even just 
put a port the same vlan membership as the link you are monitoring. 

A CenterTrack-like system makes it easy to monitor on a user by user basis, 
almost undetectably. With this granularity, the amount of traffic
monitored can be substantially reduced by only re-routing single, or
blocks of users through a system like CenterTrack, while excluding
high bandwidth customers, and non-targets. 

Carnivore != Echelon. There are serious jurisdictional issues faced by
LEA's that discourage direct collaboration between spooks and feds, to
say the least. 

There are rumours that Coral and other flow management tools (found at 
CAIDA.org) were directly linked to the development of a carnivore-like
system. These are unsubstantiated hearsay from irc, and like most great
conspiracy stories it hinges on the improbable, but creepily possible. 

The technology shouldn't be a suprise to anyone with a networking background,
or anyone that can legitimately lay claim to the title of BOFH. I think
people should be suprised at the grey areas in wiretap laws as they relate
to ISP's. 

There are great people in law enforcement who do phenomenal work.
They provide a critical and often thankless job to the public and their 
country. If they are going to do their jobs as best they know how, alot
of red tape is going to have to be cut. 

Unfortunately, that red tape is also your freedom, your rights, and your
quality of life. 

Regards,

--
batz
Reluctant Ninja
Defective Technologies

More information about the cypherpunks-legacy mailing list