North American Network Operators Group


Re: New Rules On Internet Wiretapping Challenged

  • From: Vicky Rode
  • Date: Wed Nov 02 16:05:05 2005


comments in-line:

Peter Dambier wrote:
> Vicky Rode wrote:
>>...Raising my hand.
>>My question is on Terry Hartle's comments, maybe someone with more
>>insight into this could help clear my confusion.
>>Why would it require replacing every router and every switch when my
>>understanding is that the FCC is looking to install *additional* gateway(s) to
>>monitor Internet-based phone calls and emails.
> In a datacenter you have lines coming in and lines going out. And you
> have internal equipment.
> You have to eavesdrop on all of this because the supposed terrorist
> might come in via ssh and use a local mail programme to send his email.
--------------
How do you differentiate between a hacker and a terrorist?

For all you know this so called "terrorist" might be coming from a
spoofed machine(s) behind anyone's desk.

> So you have to eavesdrop on all incoming lines because you don't know
> where he comes in. Via ADSL? Via cable modem? Via a glass fiber?
> And you have to monitor all internal switches because you don't know
> which host he might have hacked.
> Take a cheap switch with 24 ports at 100 Mbit. That makes 2.4 Gig.
> You have to watch all of these. They can all send at the same time.
> Your switch might have a 1 Gig uplink. But that uplink is already in
> use as your uplink, and it does not even support 2.4 Gig.
-------------
There are ways to address over-subscription issues.

> How about switches used in datacenters with 48 ports, 128 ports, ...
> Where do you get the capacity for multiple Gigs just for eavesdropping?
> On the other hand - most switches have a port for debugging. But this
> port can only listen on one port, not on 24 or even 48 of them.
> So you have to invent a new generation of switches.
----------------
I don't believe this is the primary reason for replacing every router
and every switch.

I think (correct me if I'm wrong) it has to do with the wiretap
feature (for lack of a better term) that .gov is wanting vendors to
implement within their devices, which may be at the network stack level.

I guess it's time to revisit RFC 2804.

> How about the routers? They are even more complicated than a switch.
> As everybody should know by now - every router can be hacked. So
> your monitoring must be outside the router.
> The government will offer you an *additional* gateway.
> I wonder what that beast will look like. It must be able to take
> all input you get from a glass fiber. Or do they ask us to get
> down with our speed so they have time to eavesdrop.
-----------------
powered by dhs w/ made in china sticker :-)

I'm not being a smarty pants about what is actually happening. That's
all I can say.


>>I can see some sort of
>>network redesign happening in order to accommodate this but replacing
>>every router and every switch sounds too drastic, unless I
>>misunderstood it. Please, I'm not advocating this change but just
>>trying to understand the impact from an operational standpoint.
> Yes, it is drastic. But if they want to eavesdrop that is the only
> way to do it.
>>Any insight will be appreciated.
> Here in Germany we accidentally have found out why East Germany had
> to finally give up:
> They installed equipment to eavesdrop and tape on every single
> telephone line. They could not produce enough tapes to keep up
> with this :)
> Not to mention what happened when they "recycled" the tapes and
> did not have the time to first erase them :)
> Kind regards,
> Peter and Karin
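The capacity argument above (24 ports at 100 Mbit mirrored into a 1 Gig port) is worth working through, because a mirror/SPAN session normally copies both the receive and the transmit side of each source port, which doubles the worst case Peter computes. The following is an added worked example, not code from the original post or from either poster; the 24x100M/1G figures come from the thread, while the 48x1G/10G switch and the 10% average-utilization figure are assumptions for illustration.

```python
"""Mirror-port (SPAN) oversubscription check.

Added worked example for the capacity argument in the thread; it is not
code from the original post. The 24 x 100 Mbit / 1 Gbit numbers are the
thread's own; the 48 x 1 Gbit / 10 Gbit switch and the utilization
figures are constructed assumptions.
"""
from dataclasses import dataclass
from math import ceil


@dataclass(frozen=True)
class MirrorPlan:
    """One mirror session: copy N source ports to one destination port."""
    source_ports: int              # ports whose traffic is copied
    port_speed_mbps: int           # line rate of each source port, one direction
    dest_speed_mbps: int           # line rate of the monitor/debug port
    both_directions: bool = True   # mirror rx and tx (the usual SPAN default)

    @property
    def directions(self) -> int:
        return 2 if self.both_directions else 1

    def worst_case_mbps(self) -> int:
        """Mirror load if every source port runs at line rate at once."""
        return self.source_ports * self.port_speed_mbps * self.directions

    def oversubscription(self) -> float:
        """Ratio > 1.0 means the destination port drops under full load."""
        return self.worst_case_mbps() / self.dest_speed_mbps

    def max_sources_without_drops(self) -> int:
        """Largest source count this destination can carry at line rate."""
        return self.dest_speed_mbps // (self.port_speed_mbps * self.directions)

    def min_dest_ports(self) -> int:
        """Destination ports needed to carry the worst case if sources are
        split across several sessions."""
        return ceil(self.worst_case_mbps() / self.dest_speed_mbps)

    def sustainable_utilization(self) -> float:
        """Average per-port utilization the sources can run at before the
        destination port saturates (capped at 1.0)."""
        return min(1.0, self.dest_speed_mbps / self.worst_case_mbps())


def expected_load_mbps(plan: MirrorPlan, avg_utilization: float) -> float:
    """Mirror load at an assumed average utilization (0.0 .. 1.0)."""
    if not 0.0 <= avg_utilization <= 1.0:
        raise ValueError("utilization must be between 0 and 1")
    return plan.worst_case_mbps() * avg_utilization


def report(plan: MirrorPlan, avg_utilization: float) -> dict:
    """Summarize whether the session fits under worst-case and average load."""
    return {
        "worst_case_mbps": plan.worst_case_mbps(),
        "oversubscription": round(plan.oversubscription(), 2),
        "drops_at_line_rate": plan.oversubscription() > 1.0,
        "drops_at_avg_load": expected_load_mbps(plan, avg_utilization) > plan.dest_speed_mbps,
        "max_sources_without_drops": plan.max_sources_without_drops(),
        "min_dest_ports": plan.min_dest_ports(),
        "sustainable_utilization": round(plan.sustainable_utilization(), 3),
    }


if __name__ == "__main__":
    # The thread's switch: 24 x 100 Mbit ports mirrored into a 1 Gbit port.
    # Mirroring both directions makes the worst case 4.8 Gbit, not 2.4.
    small = MirrorPlan(source_ports=24, port_speed_mbps=100, dest_speed_mbps=1000)
    # Assumed datacenter access switch: 48 x 1 Gbit into a 10 Gbit monitor port.
    big = MirrorPlan(source_ports=48, port_speed_mbps=1000, dest_speed_mbps=10000)
    for name, plan in (("24x100M -> 1G", small), ("48x1G -> 10G", big)):
        # 10% average utilization is an assumption, not a measured figure.
        print(name, report(plan, avg_utilization=0.10))
```

The point the numbers make: the 1 Gbit debug port is fine for up to five full-duplex 100 Mbit sources at line rate, or for all 24 as long as they average under about 20% utilization; past that the switch silently drops mirrored frames, which is exactly the "cannot keep up" failure the East German tape anecdote describes. Splitting sources across several destination ports, or tapping the uplink instead (which misses traffic that never leaves the switch), are the usual ways of addressing the oversubscription.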