NS&AT&T
Tyler Durden
camera_lumina at hotmail.com
Wed May 17 09:22:31 PDT 2006
I'd bet by the time this post reaches the list most Cypherpunks &c will have
already seen the string of information posted on Wired and other places,
about AT&T's network. This is a level of detail that I strongly suspect has
NSA folks shitting bricks:
http://www.wired.com/news/technology/0,70908-0.html?tw=wn_index_2
Here's an interesting quote:
>One of the documents appears to describe AT&T's successful efforts to tap
>into 16 fiber-optic cables connecting the company's WorldNet internet
>backbone to other internet service providers. The document shows AT&T
>technicians phasing in fiber-optic splitters throughout February 2003,
>cutting them in four at a time on a weekly schedule, ending with a link
>to Mae West, an internet exchange point for West Coast traffic.
Now this is REALLY interesting:
http://blog.wired.com/images/nsadocs2_f.jpg
OK, this means the 16 fibers mentioned above are single wavelength. From
this document we can also view what the actual bandwidths are: OC-12s and
OC-48s, a couple of OC-3s and no OC-192s. Now I don't see any documentation
stating that there isn't more than this going into the room. The "four
splitters at a time" almost certainly implies that this traffic is coming
off a 4-fiber BLSR (most likely too NSA worked with the other carriers to
move the traffic to protect prior to installing the splitters).*
Theoretically, they could actually just backhaul all of this traffic using
pretty ordinary 16 wavelength WDM from any number of vendors. Getting that
cross-country is difficult, but with ULH (Ultra Long Haul) this could be
done with a relative minimum of repeater/amplifier sites. If they pre-sort
the traffic before backhauling it they could then actually just buy a
wavelength on AT&T's backbone, which has some nice features to it (I'd bet
they also have their own encryption used for the entire wavelength pipe,
though I could be wrong).
The pinchpoint here just might actually be the deep packet inspection. Does
anyone know what kind of bandwidth the Narus boxes can support?
What this will do is give us an idea of how much traffic they are actually
taking back. From our discussions some months ago, I have assumed (and still
believe) that they can't grab EVERYTHING and pull it back, because that
would require too obvious and too huge a network. My other assumption is
that the Narus deep packet inspection is enforcing a prioritization prior to
hockeying the most "juicy" traffic into their fiber or wavelengths.
*: They would have first told the owner/carrier of one of those OC-N pipes
to force a switch to protection bandwidth while they installed the
splitters, and then switch back once the splitters were installed. It LOOKS
like they did this ring-by-ring, diverting traffic away from the "break" and
then installing splitters on all four fibers terminating across the break.