Email tapping by ISPs, forwarder addresses, and crypto proxies
Tyler Durden
camera_lumina at hotmail.com
Mon Jul 19 07:12:18 PDT 2004
"Gimme an intel IXA network processor and no problem. ATM is fixed
size data, not as tricky as IP decoding. Predicatable bandwidth.
Stream all into megadisks, analyze later."
I'm gonna have to challenge this bit here, Variola.
Let's back up. You've got an OC-48 or OC-192 fiber and you want to grab ALL
of the data in this fiber. Now I'll grant that in real life there's going to
be a lot telephony circuit in there, but let's take a worst-case and assume
you need ALL the data.
What's in this OC-192? Right now it definitely ain't 10Gb/s of packets. It's
going to have LOTS of DS1s, DS3s and, if you're lucky, and STS-3c or two. So
you'll need to first of all demux ALL of the tributaries.
Next, you've got to un-map any ATM in each of the DS1s, etc, and then pull
out the IP data from the ATM cells, remembering to reassemble fragmented
packets (and there will be plenty with ATM). And remember, you may have to
do this for 5000 simultaneous DS1s. Oh, and let's not forget pointer
adjustments. You can't just blindly grab stuff...remember that all those
tribs come from different STRATUM 1/3 clocks, so they'll be moving at
different speeds and as a result have periodic slips w.r.t the STS-192
container.
And that's just one fiber. How will you actually get all of this traffic
back to HQ? Remember, it keeps coming and won't stop.
No, I think I'm becomming convinced that they can't yet get ALL of it. But
they DO probably grab complete wavelengths and backhual them, storing them
for later study. (They must do some grooming too. For instance, they
probably CALEA everything into and out of Brooklyn, and then that will get
switched over to the Beltway where it will be packed into a GIG-BE OC-768
back to storage and processing.)
-TD
>From: "Major Variola (ret)" <mv at cdc.gov>
>To: "cypherpunks at al-qaeda.net" <cypherpunks at al-qaeda.net>
>Subject: Re: Email tapping by ISPs, forwarder addresses, and crypto
>proxies
>Date: Sun, 18 Jul 2004 22:35:19 -0700
>
>At 01:07 PM 7/18/04 -0500, J.A. Terranson wrote:
> >Let me fill in what he left out. Yes, the industry is moving towards
> >MPLS over POS. That's not where it is now though. At least not for
>most
> >interfaces. Right now the industry is chock full of lagacy gear,
>mostly
> >old fashioned ATM. You think you can just casually reassemble this
>crap
> >in transit? Let's see it!
>
>Gimme an intel IXA network processor and no problem. ATM is fixed
>size data, not as tricky as IP decoding. Predicatable bandwidth.
>Stream all into megadisks, analyze later.
>You need to tap the MPLS label assignment service (or watch all the
>egress ports and correlate to endpoints) too to know which ATM chunks
>went where.
>
> >Besides that old fashioned transport diversity, we have the original
> >problem: even if you could do it (maybe in three to five years), what
>are
> >you going to do with the data you've snarfed? Backhaul it? Shove it
>into
> >TB cassettes? Better keep a guy on staff to change the tray!!
>
>You don't know about tape robots, or offline indexing, eh?
>
>
>
>
>
_________________________________________________________________
Don�t just search. Find. Check out the new MSN Search!
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
More information about the cypherpunks-legacy
mailing list