On Mon, 17 Sep 2001, Patrick W. Gilmore wrote:
My understanding is that it is no inline, it uses a "monitor port" on a switch which duplicates all traffic.
If that is the case, then it is not a silly statement, it is factually correct.
Can anyone confirm or deny the above?
You are correct, Patrick. Carnivore is a passive network monitor, and passive attacks are undetectable. The only way a DCS1000 system would interrupt your network would be if it were improperly installed. (The FBI agent unplugs something he shouldn't, or decides to change your network layout to get everything flowing past his Carnivore box. At NANOG 20, the FBI demonstrated Carnivore to the attendees. One of those attendees was kind enough to write a report and anonymously publish it. http://cryptome.org/carnivore-demo.htm It's basically a sniffer with some really nice filtering and post-processing. By filtering, I mean filtering of the data logged, not of the data flowing through the network. --Len.