[40777] in North American Network Operators' Group
Re: Routescience?
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Wed Aug 22 13:36:57 2001
Date: Wed, 22 Aug 2001 17:33:11 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: Peter Francis <peter@softaware.com>
Cc: Mike Lloyd <drmike@routescience.com>,
Jonas Luster <jluster@d-fensive.com>,
"'nanog@merit.edu'" <nanog@merit.edu>
In-Reply-To: <p05001902b7a99a9425ae@[66.123.151.50]>
Message-ID: <Pine.LNX.4.20.0108221727330.695-100000@www.everquick.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
(Please wrap lines at ~72 chars)
> If I am reading the "detailed" report right, the RS box actually
> is the border router:
>
> "Entry-level pricing includes a modular, 14-slot chassis that
> occupies eight rack units and support for two ISP links. Optional
> modules can be added to support additional ISP links and enhanced
> reporting features."
Ah. I skipped the part about "support for two ISP links".
> In which case, perhaps it is trying to pop open HTTP packets and
> insert its stealth GIF on the fly, at line speed.
>
> That's a lot of hardware for a function that might be better off
> embedded in the actual servers themselves ...
In-server is what I initially thought of, too. However, then one
must coordinate between servers... what's wrong with a simple box
in promiscuous mode snagging eq 80 and eq 443 packets and dumping
the rest?
It just seems a shame to have to store and forward all the traffic
when one can analyze it from another viewpoint. Yes, managed
switches complicate sniffing, but many (most? all?) managed
switches have a "monitor port" that can wiretap traffic.
Eddy
---------------------------------------------------------------------------
Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence
---------------------------------------------------------------------------
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots. Do NOT
send mail to <blacklist@brics.com>, or you are likely to be blocked.