[FoRK] what does evesdropping sound like?

Eugen Leitl < eugen at leitl.org > on > Mon Jul 10 03:44:50 PDT 2006

On Sun, Jul 09, 2006 at 08:45:58PM -0700, J. Andrew Rogers wrote:

> You cannot hear someone tapping your traffic.  Modern wiretaps and  
> carnivore type devices work by mirroring packets to another port on  
> the switch fabric.  It is completely transparent with respect to your  
> connection and essentially undetectable.

The NARUSes are even fed from OSI Layer 1 taps, i.e. quite a few
more storeys down. Of course, you still need a telco truck to
tap a POTS line close to the source (i.e., not at the switch).
In theory, it might generate measurable and sometimes even audible
line artifacts. But that's warrant-encumbered, obviously doesn't
scale and is only for your local flatfeet catching petty crooks
or gathering the dirt on the opposition.

But, no worries, it's much easier to sip from the firehose by
deep-inspecting traffic at topological hotspots, and pick out
the relevant part you want to focus on. The only way to address
that is point-to-point encryption (so you don't know what the
payload is, so you can't filter out specific traffic types), 
and traffic remixing (onion routing) to make trivial traffic 
analysis prohibitive.

Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the FoRK mailing list