Email tapping by ISPs, forwarder addresses, and crypto proxies

[J.A. Terranson]

On Sun, 18 Jul 2004, Eugen Leitl wrote:

> For those of you who have worked at major ISPs, can the fact that traffic is
> routed through a few "customer" boxes be hidden from employees?

Speaking as someone who qualifies: no.  However, the fact that you even
asked the question begs another question, namely, what do you consider
"major"?  Savvis was, in my opinion, at the very lower end of "major",
operating in ~140 countries, although most of that was vpn and multicast.
Lets guess that internet was considerably less, say ~15-20 countries
directly.

In short, the trouble with trying to stuff all this through a choke point
(or even 10 choke points) is it's going to be either seen directly as a
router hop (if at layer3), or seen indirectly at layer two.  And the kind
of detailed troubleshooting that goes on in the first through third level
support groups just wouldn't be able to miss this - sooner or later
someone whold see something, and then the whole place would know.

Now, *mirroring* to a couple of choke points, sure, but then you ave
transit and other associated costs (you gotta haul the data to all of the
collectors).

Just not feasible to do it quietly.  Note, I said quietly.

-- 
Yours,

J.A. Terranson
sysadmin at mfn.org
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
	- - -

  "There aught to be limits to freedom!"    George Bush
	- - -

Which one scares you more?