-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 comments in-line: Peter Dambier wrote:
Vicky Rode wrote:
...Raising my hand.
My question is on Terry Hartle's comments, maybe someone with more insight into this could help clear my confusion.
Why would it require to replace every router and every switch when my understanding is, FCC is looking to install *additional* gateway(s) to monitor Internet-based phone calls and emails.
In a datacenter you have lines coming in and lines going out. And you have internal equippment.
You have to eavesdrop on all of this because the supposed terrorist might come in via ssh and use a local mail programme to send his email.
How do you differentiate between a hacker and a terrorist? For all you know this so called "terrorist" might be coming from a spoofed machine(s) behind anyone's desk.
So you have to eavesdrop on all incoming lines because you dont know where he comes in. Via aDSL? via cable modem? Via a glass fiber?
And you have to monitor all internal switches because you dont know which host he might have hacked.
Guess a cheap switch with 24 ports a 100 Mbit. That makes 2.4 Gig. You have to watch all of these. They can all send at the same time. Your switch might have 1 Gig uplink. But that uplink is already in use for your uplink and it does not even support 2.4 Gig.
- ------------- There are ways to address over-subscription issues.
How about switches used in datacenters with 48 ports, 128 ports, ... Where do you get the capacity for multiple Gigs just for eavesdropping?
On the other hand - most switches have a port for debugging. But this port can only listen on one port not on 24 or even 48 of them.
So you have to invent a new generation of switches.
- ---------------- I don't believe this is the primary reason for replacing every router and every switch. I think (correct me if I'm wrong) it has to do with the way wiretap feature (lack of a better term) that .gov is wanting vendors to implement within their devices, may be at the network stack level. I guess it's time to revisit rfc 2804.
How about the routers? They are even more complicated than a switch.
As everybody should know by now - every router can be hacked. So your monitoring must be outside the router.
The gouvernment will offer you an *additional* gateway. I wonder what that beast will look like. It must be able to take all input you get from a glass fiber. Or do they ask us to get down with our speed so they have time to eavesdrop.
- ----------------- powered by dhs w/ made in china sticker :-) I'm not being smarty pants about this...it is actually happening. That's all I can say. regards, /virendra
I can see some sort of network redesign happening in order to accodomate this but replacing every router and every switch sounds too drastic, unless I mis-understood it. Please, I'm not advocating this change but just trying to understand the impact from an operation standpoint.
Yes, it is drastic. But if they want to eavesdrop that is the only way to do it.
Any insight will be appreciated.
regards, /virendra
Here in germany we accidently have found out why east germany had to finally give up:
They installed equippement to eavesdrop and tape on every single telefone line. They could not produce enough tapes to keep up with this :)
Not to mention what happened when they "recycled" the tapes and did not have the time to first erase them :)
Kind regards, Peter and Karin
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDaSmqpbZvCIJx1bcRAhU9AJoC54jYhsUMs7aO6xQ/5kEX79gt9wCcDWkT L8hApJtW2gqfibjYfq7E7Z0= =3yz1 -----END PGP SIGNATURE-----