What's the best way to wiretap a network?
William Allen Simpson
wsimpson at greendragon.com
Tue Jan 20 21:02:05 UTC 2004
Eriks Rugelis wrote:
>
> On the other hand, if your environment consists of a large number (100's) of
> potential tapping points, then you will quickly determine that in-line taps
> have very poor scaling properties.
> a) They are not rack-dense
> b) They require external power warts
> c) They are not cheap (in the range of US$500 each)
> d) Often when you have that many potential tapping points, you are
> likely to be processing a larger number of warrants in a year. An in-line
> tap arrangement will require a body to physically install the recording
> equipment and cables to the trace-ports on the tap. You may also need to
> make room for more than one set of recording gear at each site.
>
This is a feature, not a bug. Law enforcement is required to pay --
up front -- all costs of tapping. No pay, no play.
> Large-scale providers will probably want to examine solutions based on
> support built directly into their traffic-carrying infrastructure (switches,
> routers.)
>
> You should be watchful for law enforcement types trying dictate a 'solution'
> which is not a good fit to your own business environment. There are usually
> several ways of getting them the data which they require to do their jobs.
>
Whatever they are willing to pay for -- a good fit for the business
environment is the largest effort and highest cost, as the overhead
and administrative charges should enough to be profitable.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
More information about the NANOG
mailing list