[IP] EFF: Secret Surveillance Evidence Unsealed in AT&T Spying Ca

coderman coderman at gmail.com
Thu Jun 14 10:51:11 PDT 2007


On 6/14/07, Tyler Durden <camera_lumina at hotmail.com> wrote:
> Shee-IT. Layer 4 packet inspection at OC-192 is kinda surprising, but Layer
> 7 at OC-48 is for me the more difficult thing to swallow.

you gotta love fast asics for this kind of stuff.  cloudstream also
has success with the fpga approach.  (there's a grad paper somewhere
that describes a 10GigE inspection setup using fpgas and capable of
~100-600 snort style rules per chip.  more rules == linear scale.
would be fun to try L7, which does make things more difficult...)


> Another thing worth thinking about is the control channels they must use to
> update the policies to one of these boxes. It's obviously in-band. One
> wonders if one could tap one of the fibers and find the packet stream they
> use to program one of these things.

what makes you say this?  i'd be surprised if the control channel is
pulled from the monitored flows.  you need bidirectional transport,
for control and backhaul, among other reasons.

maybe we'll find out when congress/judiciary orders the devices
removed?  *cough*





More information about the cypherpunks-legacy mailing list