Yahoogroups and Carnivore

Bill McGonigle mcgonigle at medicalmedia.com
Mon Sep 17 22:55:27 UTC 2001



On Monday, September 17, 2001, at 05:46 PM, Benny Fischer wrote:

> -In the FAQ they claim there is no IP stack .. so how can it have IP-based
> filters to let in traffic .. or is this all done with custom software?
>

If they're just capturing raw ethernet, they can disassemble the packets 
themselves without exposing the machine to "everything-over-IP" 
vulnerabilities.  Surprisingly good design.

Still, I can't see how they can do all the analysis with 
"post-processing".  There's just too much data on a big ISP's net.  Does 
it write to a monstrous tape library?  I'd think they'd at least want to 
do packet reassembly and sequencing in memory, then some filtering, for 
ease of analysis.  That would mean in-line software, which could, of 
course, be brought down with just the right malformed TCP packet 
sequence.  Unless they have much better-than-average programmers at the 
FBI.  Of course if they're doing any filtering at that level, they'll 
miss steganographic TCP sequence numbers, etc. (if someone's invented 
that...)

-Bill
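The raw-capture design discussed above, as an added Python example that is not from the list post: a parser that dissects Ethernet/IPv4/TCP headers straight out of a captured frame, with no host IP stack involved, and, since malformed headers are exactly what would bring down careless in-line software, drops any frame whose lengths don't add up instead of raising. `build_frame` and its addresses are constructed test input.

```python
import struct

# Fixed header sizes and constants for Ethernet II, IPv4 and TCP.
ETH_HLEN, IP_MIN_HLEN, TCP_MIN_HLEN = 14, 20, 20
ETHERTYPE_IPV4, IPPROTO_TCP = 0x0800, 6


def parse_frame(frame: bytes):
    """Return TCP/IPv4 header fields from a raw frame, or None for anything
    to ignore (non-IPv4, non-TCP, truncated, or lengths that don't add up)."""
    if len(frame) < ETH_HLEN:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HLEN:]
    if len(ip) < IP_MIN_HLEN:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # Every length is validated before it is used as an offset into the buffer.
    if ver_ihl >> 4 != 4 or ihl < IP_MIN_HLEN or total_len < ihl or len(ip) < total_len:
        return None
    if proto != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]
    if len(tcp) < TCP_MIN_HLEN:
        return None
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4
    if doff < TCP_MIN_HLEN or doff > len(tcp):
        return None
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": tcp[doff:]}


def build_frame(src, dst, sport, dport, seq, payload):
    """Constructed test input: minimal Ethernet/IPv4/TCP SYN frame, zero MACs and checksums."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x02, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_MIN_HLEN + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip
```

Feeding the parser a frame whose IHL or TCP data offset overruns the captured bytes returns None rather than an exception, which is the property an in-line filter needs before it sees hostile traffic.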




More information about the NANOG mailing list