[42532] in North American Network Operators' Group
Re: Yahoogroups and Carnivore
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Sep 17 16:52:10 2001
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Patrick W. Gilmore" <patrick@ianai.net>
Cc: nanog@merit.edu, cris@dsnet.net,
"'Joel Jaeggli'" <joelja@darkwing.uoregon.edu>,
"'Jay Fenello'" <Jay@Fenello.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 17 Sep 2001 16:21:33 -0400
Message-Id: <20010917202134.F2D357BFD@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <5.1.0.14.2.20010917155726.049e6708@127.0.0.1>, "Patrick W. Gilmore"
writes:
>
>At 03:42 PM 9/17/2001 -0400, Cristopher Daniluk wrote:
> >That's just a silly statement, it's a text processor/parser. It's another
> >layer. Of course its going to have an effect. On the average person, I would
> >venture to guess its overwhelmingly negligible, but it could very well
> >bottleneck someone like Yahoo.
>
>My understanding is that it is no inline, it uses a "monitor port" on a
>switch which duplicates all traffic.
>
>If that is the case, then it is not a silly statement, it is factually correct
>.
>
>Can anyone confirm or deny the above?
>
Your understanding correct. They use a splitter, and put the
monitoring machine on one of the legs. (The independent review of
Carnivore is at http://www.usdoj.gov:80/jmd/publications/carniv_entry.htm;
comments on that review are at
http://www.crypto.com/papers/carnivore_report_comments.html)
--Steve Bellovin, http://www.research.att.com/~smb
http://www.wilyhacker.com
