North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Just Carnivore (was: Yahoogroups and Carnivore)

  • From: Larry Diffey
  • Date: Mon Sep 17 19:23:59 2001

Supposedly Carnivore only targets specific kinds of traffic and doesn't
really monitor everything at once.  It's not like (again, supposedly)
Echelon that examines everything and then red flags certain items.
Carnivore is only looking for certain things.  Also, there is no outside
access to it.  Someone has to physically come in and remove the mass media
(what ever that may be: more than likely a hard drive).

My guess is, Carnivore actually sounds a lot more threatening than it is.
Still a violation of civil liberties as far as I'm concerned but it's bark
is worse than it's bite.  Especially since everyone has heard of it and
there are ways around it.

Let's see, I want to send email to someone but I want it to be completely
anonymous.  I go to or any other anonomizer and get myself a
hotmail address.  I then send it to the recipient with PGP encoded text.  He
logs on to hotmail through anonomizer and retrieves it, decodes it and reads
it.  If I was really smart I'd bounce around a couple of other proxies while
I was at it.

Carnivore? Toothless!

Larry Diffey
Technology Forward
I speak for my employer because I speak for myself.

----- Original Message -----
From: "Bill McGonigle" <[email protected]>
To: "Benny Fischer" <[email protected]>
Cc: <[email protected]>
Sent: Monday, September 17, 2001 3:55 PM
Subject: Re: Yahoogroups and Carnivore

> On Monday, September 17, 2001, at 05:46 PM, Benny Fischer wrote:
> > -In the FAQ they claim there is no IP stack .. so how can it have ip
> > based
> > filters to let in traffic .. or is this all done with custom software?
> >
> If they're just capturing raw ethernet, they can disassemble the packets
> themselves without exposing the machine to "everything-over-IP"
> vulnerabilities.  Surprisingly good design.
> Still, I can't see how they can do all the analysis with
> "post-processing".  There's just too much data on a big ISP's net.  Does
> it write to a monstrous tape library?  I'd think they'd at least want to
> do packet reassembly and sequencing in memory, then some filtering, for
> ease of analysis.  That would mean in-line software, which could, of
> course, be brought down with just the right malformed TCP packet
> sequence.  Unless they have much better-than-average programmers at the
> FBI.  Of course if they're doing any filtering at that level, they'll
> miss steganographic TCP sequence numbers, etc. (if someone's invented
> that...)
> -Bill