White House to Propose System for Wide Monitoring of Internet (fwd)

chuck goolsbee chucklist at forest.net
Sat Dec 21 20:53:05 UTC 2002 

>Also, if you want to monitor massive amounts of data (something
>people say can't be done easily) you just demux it using a device
>like those at www.toplayer.com, or
>http://www.radware.com/content/products/fire.asp .
>Both solutions are adequate for breaking up massive amounts
>of data.
>
>I could write snort signatures that will trigger
>a session to be re-routed based on packet content. It's fugly,
>but if I can do it in my basement, a multi-billion dollar
>agency acting on behalf of the only global superpower can
>probably think up something a little more elegant. :)

The problem with this argument is you have to know exactly what you 
are looking for *before* the event. Foresight is almost never 20/20.

How many times have we all encountered a variation of the following?:

1. Get a call from an FBI agent (or insert any other gov't agency)
2. Play phone tag for a week.
3. Finally get each other on the phone.
4. Special Agent So&so requests a log file or packet trace from X months ago.
	The value of X usually = 6 months or more.
	Only when it was a murder case have I seen a request
	come in under 3 months.
5. Laugh and say... "OK, we'll try."
6. Dig and Dig... if lucky, find a 200+ megabyte log file.
7. Call agent back, offer to FTP/burn to a CD and send.
8. Agent replies: "Can you look at it for us, we are real busy."
9. Reply: "Uh... so are we, we'll let you know if we have a minute..."
10. Lather, rinse, repeat.


I have personally had this exact scenario play out four times so far in 2002.

That said, the way we have chosen to empower our government to act is 
as a tool of justice (after the act), not prevention. I have no 
problem with that setup, and really don't like the 'shoot first, ask 
later" direction drift of the current administration.

Too many packets, not enough time, too many cooks in the government's 
kitchen all looking over their shoulders at all the *other* cooks and 
closely guarding their little corner of counter space and utensils.

Nothing to see, carry on...


--chuck

<insert ironic sig>....
-- 
____________________________________________________________
Were there mistakes? Yes. Only those who don't act don't make
mistakes. But to organize well --- *that* is a difficult task.
                                     -- Lenin, April 24, 1917

More information about the NANOG mailing list