Yahoogroups and Carnivore

Steven M. Bellovin smb at research.att.com
Mon Sep 17 20:21:33 UTC 2001


In message <5.1.0.14.2.20010917155726.049e6708 at 127.0.0.1>, "Patrick W. Gilmore"
 writes:
>
>At 03:42 PM 9/17/2001 -0400, Cristopher Daniluk wrote:
> >That's just a silly statement, it's a text processor/parser. It's another
> >layer. Of course it's going to have an effect. On the average person, I would
> >venture to guess it's overwhelmingly negligible, but it could very well
> >bottleneck someone like Yahoo.
>
>My understanding is that it is not inline, it uses a "monitor port" on a 
>switch which duplicates all traffic.
>
>If that is the case, then it is not a silly statement, it is factually correct.
>
>Can anyone confirm or deny the above?
>

Your understanding is correct.  They use a splitter, and put the 
monitoring machine on one of the legs.  (The independent review of 
Carnivore is at http://www.usdoj.gov:80/jmd/publications/carniv_entry.htm;
comments on that review are at 
http://www.crypto.com/papers/carnivore_report_comments.html)

		--Steve Bellovin, http://www.research.att.com/~smb
				  http://www.wilyhacker.com




