North American Network Operators Group


Re: New Rules On Internet Wiretapping Challenged

  • From: Vicky Rode
  • Date: Wed Nov 02 16:05:05 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

comments in-line:


Peter Dambier wrote:
> Vicky Rode wrote:
> 
>>...Raising my hand.
>>
>>My question is on Terry Hartle's comments, maybe someone with more
>>insight into this could help clear my confusion.
>>
>>Why would it require to replace every router and every switch when my
>>understanding is, FCC is looking to install *additional* gateway(s) to
>>monitor Internet-based phone calls and emails.
> 
> 
> In a datacenter you have lines coming in and lines going out. And you
> have internal equipment.
> 
> You have to eavesdrop on all of this because the supposed terrorist
> might come in via ssh and use a local mail programme to send his email.
--------------
How do you differentiate between a hacker and a terrorist?

For all you know this so called "terrorist" might be coming from a
spoofed machine(s) behind anyone's desk.


> 
> So you have to eavesdrop on all incoming lines because you don't know
> where he comes in. Via ADSL? Via cable modem? Via a glass fiber?
> 
> And you have to monitor all internal switches because you don't know
> which host he might have hacked.
> 
> Guess a cheap switch with 24 ports at 100 Mbit. That makes 2.4 Gig.
> You have to watch all of these. They can all send at the same time.
> Your switch might have 1 Gig uplink. But that uplink is already in
> use for your uplink and it does not even support 2.4 Gig.
-------------
There are ways to address over-subscription issues.


> 
> How about switches used in datacenters with 48 ports, 128 ports, ...
> Where do you get the capacity for multiple Gigs just for eavesdropping?
> 
> On the other hand - most switches have a port for debugging. But this
> port can only listen on one port not on 24 or even 48 of them.
> 
> So you have to invent a new generation of switches.
----------------
I don't believe this is the primary reason for replacing every router
and every switch.

I think (correct me if I'm wrong) it has to do with the way the wiretap
feature (for lack of a better term) that .gov is wanting vendors to
implement within their devices may be at the network stack level.

I guess it's time to revisit RFC 2804.


> 
> How about the routers? They are even more complicated than a switch.
> 
> As everybody should know by now - every router can be hacked. So
> your monitoring must be outside the router.
> 
> The government will offer you an *additional* gateway.
> I wonder what that beast will look like. It must be able to take
> all input you get from a glass fiber. Or do they ask us to get
> down with our speed so they have time to eavesdrop.
-----------------
powered by dhs w/ made in china sticker :-)

I'm not being smarty pants about this...it is actually happening. That's
all I can say.



regards,
/virendra

> 
> 
> 
>>I can see some sort of
>>network redesign happening in order to accommodate this but replacing
>>every router and every switch sounds too drastic, unless I
>>misunderstood it. Please, I'm not advocating this change but just
>>trying to understand the impact from an operation standpoint.
>>
> 
> 
> Yes, it is drastic. But if they want to eavesdrop that is the only
> way to do it.
> 
> 
>>Any insight will be appreciated.
>>
>>
>>
>>regards,
>>/virendra
>>
> 
> 
> Here in Germany we accidentally have found out why East Germany had
> to finally give up:
> 
> They installed equipment to eavesdrop and tape on every single
> telephone line. They could not produce enough tapes to keep up
> with this :)
> 
> Not to mention what happened when they "recycled" the tapes and
> did not have the time to first erase them :)
> 
> 
> Kind regards,
> Peter and Karin
> 