[Details on the AT&T/NSA wiretapping]

Eugen Leitl eugen at leitl.org
Mon Apr 10 08:58:14 PDT 2006

[from somelist]

Hash: SHA1

	That's what it appears we are up against, folks. Real-time semantic data
	monitoring on a huge scale. A scale beyond what most of us can even
	comprehend. It's scarey.


- -ken
- --
- ---------------
The world's most affordable web hosting.
Version: GnuPG v1.4.1 (GNU/Linux)


	[The following is "not for attribution".

	 I've sent away for their white papers (and have yet to get a
	 reply --- I suspect they've been dailykossed), but I suspect
	 that they're using the word "semantic" at a far lower level
	 than people are accustomed to thinking.

	 You have to understand that all you users just exist to
	 provide a test load for our network.

	 If you spend your life at layer 2 of the network (down where
	 packets change direction based on the value of a few bits in
	 the IP header) then looking beyond the IP header (to such
	 exotic places as the port numbers in the TCP header) to
	 recognize that one packet as likely to be HTTP and another as
	 likely to be VOIP is considered "semantic".  And it's harder
	 than you'd think it would be at 10Gbps (that's one packet
	 roughly every 200 nanoseconds).

	 One of the reasons I am dubious about this article is that
	 the peering point that tries to do intrusion detection
	 between what we used to refer to as "the Milnet" and the rest
	 of the world is unable to monitor packets on 1Gbps links (so
	 they keep adding 1Gbps links every couple of months instead
	 of adding 10Gbps links less frequently).  That site has
	 hardware money coming out its ears (they talk about keeping
	 several hundred gigabytes of transaction logs in RAM).  And,
	 that site is run in cooperation with NSA.

	 If this equipment did what is being claimed, I think that
	 peering point would know about it and be using it for lesser
	 things like intrusion detection. ---p*zz*]

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the Testlist mailing list