Email tapping by ISPs, forwarder addresses, and crypto proxies

Eugen Leitl eugen at leitl.org
Sun Jul 18 06:34:18 PDT 2004


On Sun, Jul 18, 2004 at 07:50:16AM -0500, J.A. Terranson wrote:

> I have seen a passive tap on a gig line used for IDS, true, but that's
> pretty close to the state of the art right now.  There's an issue with

There are dedicated network processors, though, and one can outsource the
filter bottlenecks into an FPGA board. This is still reasonably small and
cheap.

> getting the interfaces for the 1U Dell, and then you have the secondary
> issues of just how much encapsulated crap do you need to strip off, and
> how fast.  Remember, you only get 1 shot, and you *can't* ask for more time
> - if your buffer runneth over, you be screwed.
>
> It's not as easy as it feels.

I think it would be far easier if WAN protocols were plain GBit Ethernet.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

More information about the cypherpunks-legacy mailing list