| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <5207EA52.5050607@rsbac.org>
Date: Sun, 11 Aug 2013 21:47:30 +0200
From: Michal Purzynski <michal@...ac.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do
On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:
> TAPs are no longer physical devices a spy installs on a wire somewhere.
> NSA picks this up remotely via a very secret SNMP command. I explained
> this in detail here:
> http://dustupblog.com/2013/06/11/privacy-in-america-is-a-myth-lets-thank-ourselves/
>
> I been in networking since 1996...
And never got my 5 minutes of fame, so decided to try here. Bad idea, I
would say, too many smart people here.
That's actualy a very laughable, so I enjoyed it!
So, NSA throws a super secret black boxes everywhere. They have to be
black, so the spy-climate is dense enough.
You are in networking from so long, tell me than. In order to intercept
a lot of traffic, would you rather do it like described and spent lots
of money, do a lots of cabling (packets needs them, you know?) and
maintain tons of the boxes, or just tap fibres and get the same packets
wholesale?
That would be a very, very bad design to do the number 1 design. Taping
is just easier and there's less people involved.
Also, that's even more funny, because we actualy know that SNMP and MIB
are for and it just blowns your story. How do you monitor packets via
SNMP? Say, you have your top secret command and the
router/switch/firewall starts shipping packets to NSA... but WHERE? How
do they appear on a target box? Magic? UFO? Mind reading?
You would need a CABLE from MANY devices to your collecting server. Too
many of them to make it possible. Kind of a span port I guess. But you
would overflow it quickly, too. So you need many span ports from each of
the devices... so many that next time I make a business plan and buy a
new network gear, I will have to factor that in and add a "we need 10
more ports for NSA, but don't ask about it".
BTW, I've figured out the Top Super Secret Umbra Venona key. It's
described here, in plaintext.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878
Now, NSA will have all of us killed. Too bad I'm in the car, might be
able to escape. Let me turn off all my cellphones or even throw them
away, just in case. Or maybe abandon my car, and walk - looking over my
shoulder from time to time and taking a circular route.
So, you don't need a secret SNMP command, you can just configure your
span port / mirroring port. In order to intercept that amount of traffic
you would need to span so many devices that it's impossible. See also
the span port overflow remark.
Oh and bad shoot with the "MIBs" too. They are just ... numbers
representing what kind of info do you want (more or less). There's no
magic either.
Of course, because you need so many span ports, it's a worldwide
conspiracy among most of the ISP network engineers - someone has to
connect the cable, you know. Or is the cable translucent and invisible?
And connected to the invisible port, too? Now I feel that all these
years I've been working at ISP I was missing out a lot of crazy and
fancy work!
SURE they are intercepting lots of data, but doing it in a most smart
and efficient way possible - they got some Big Brainz behind it, too.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists