Yahoogroups and Carnivore
Steven M. Bellovin
smb at research.att.com
Mon Sep 17 20:21:33 UTC 2001
In message <5.1.0.14.2.20010917155726.049e6708 at 127.0.0.1>, "Patrick W. Gilmore"
writes:
>
>At 03:42 PM 9/17/2001 -0400, Cristopher Daniluk wrote:
> >That's just a silly statement, it's a text processor/parser. It's another
> >layer. Of course its going to have an effect. On the average person, I would
> >venture to guess its overwhelmingly negligible, but it could very well
> >bottleneck someone like Yahoo.
>
>My understanding is that it is no inline, it uses a "monitor port" on a
>switch which duplicates all traffic.
>
>If that is the case, then it is not a silly statement, it is factually correct
>.
>
>Can anyone confirm or deny the above?
>
Your understanding correct. They use a splitter, and put the
monitoring machine on one of the legs. (The independent review of
Carnivore is at http://www.usdoj.gov:80/jmd/publications/carniv_entry.htm;
comments on that review are at
http://www.crypto.com/papers/carnivore_report_comments.html)
--Steve Bellovin, http://www.research.att.com/~smb
http://www.wilyhacker.com
More information about the NANOG
mailing list