lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 11 Aug 2013 21:47:30 +0200
From: Michal Purzynski <>
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do

On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:
> TAPs are no longer physical devices a spy installs on a wire somewhere.
> NSA picks this up remotely via a very secret SNMP command. I explained 
> this in detail here: 
> I been in networking since 1996...

And never got my 5 minutes of fame, so decided to try here. Bad idea, I 
would say, too many smart people here.

That's actualy a very laughable, so I enjoyed it!

So, NSA throws a super secret black boxes everywhere. They have to be 
black, so the spy-climate is dense enough.

You are in networking from so long, tell me than. In order to intercept 
a lot of traffic, would you rather do it like described and spent lots 
of money, do a lots of cabling (packets needs them, you know?) and 
maintain tons of the boxes, or just tap fibres and get the same packets 

That would be a very, very bad design to do the number 1 design. Taping 
is just easier and there's less people involved.

Also, that's even more funny, because we actualy know that SNMP and MIB 
are for and it just blowns your story. How do you monitor packets via 
SNMP? Say, you have your top secret command and the 
router/switch/firewall starts shipping packets to NSA... but WHERE? How 
do they appear on a target box? Magic? UFO? Mind reading?

You would need a CABLE from MANY devices to your collecting server. Too 
many of them to make it possible. Kind of a span port I guess. But you 
would overflow it quickly, too. So you need many span ports from each of 
the devices... so many that next time I make a business plan and buy a 
new network gear, I will have to factor that in and add a "we need 10 
more ports for NSA, but don't ask about it".

BTW, I've figured out the Top Super Secret Umbra Venona key. It's 
described here, in plaintext.

Now, NSA will have all of us killed. Too bad I'm in the car, might be 
able to escape. Let me turn off all my cellphones or even throw them 
away, just in case. Or maybe abandon my car, and walk - looking over my 
shoulder from time to time and taking a circular route.

So, you don't need a secret SNMP command, you can just configure your 
span port / mirroring port. In order to intercept that amount of traffic 
you would need to span so many devices that it's impossible. See also 
the span port overflow remark.

Oh and bad shoot with the "MIBs" too. They are just ... numbers 
representing what kind of info do you want (more or less). There's no 
magic either.

Of course, because you need so many span ports, it's a worldwide 
conspiracy among most of the ISP network engineers - someone has to 
connect the cable, you know. Or is the cable translucent and invisible? 
And connected to the invisible port, too? Now I feel that all these 
years I've been working at ISP I was missing out a lot of crazy and 
fancy work!

SURE they are intercepting lots of data, but doing it in a most smart 
and efficient way possible - they got some Big Brainz behind it, too.

Content of type "text/html" skipped

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists