Email tapping by ISPs, forwarder addresses, and crypto proxies
camera_lumina at hotmail.com
Sun Jul 18 10:17:09 PDT 2004
"I think it would be far easier if WAN protocols were plain GBit Ethernet."
WAN won't be 1GbE, but it will probably be 10GbE with SONET framing, or else
OC-192c POS (ie, PPP-encapsulated HDLC-framed MPLS). In either case, I
suspect it will be far cheaper in the long run to monitor a big fat pipe
than to try to break out a zillion lil' tiny DS1s.
>From: Eugen Leitl <eugen at leitl.org>
>To: "J.A. Terranson" <measl at mfn.org>, cypherpunks at al-qaeda.net
>Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto proxies
>Date: Sun, 18 Jul 2004 15:34:18 +0200
>On Sun, Jul 18, 2004 at 07:50:16AM -0500, J.A. Terranson wrote:
> > I have seen a passive tap on a gig line used for IDS, true, but that's
> > pretty close to the state of the art right now. There's an issue with
>There are dedicated network processors, though, and one can outsorce the
>filter bottlenecks into an FPGA board. This is still reasonably small and
> > getting the interfaces for the 1U Dell, and then you have the secondary
> > issues of just how much encapsulated crap do you need to strip off, and
> > how fast. Remeber, you only get 1 shot, and you *can't* ask for more
> > - if your buffer runneth over, you be screwed.
> > It's not as easy as it feels.
>I think it would be far easier if WAN protocols were plain GBit Ethernet.
>Eugen* Leitl <a href="http://leitl.org">leitl</a>
>ICBM: 48.07078, 11.61144 http://www.leitl.org
>8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
><< attach3 >>
Discover the best of the best at MSN Luxury Living. http://lexus.msn.com/
More information about the cypherpunks-legacy