[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAFWC0633pMwQtWB0PemVfoqZEZQ=-YGmWz0taZp9SbpsxNDJDA@mail.gmail.com>
Date: Sun, 11 Aug 2013 10:13:30 -0400
From: Justin Elze <formulals1@...il.com>
To: Valdis.Kletnieks@...edu
Cc: Pedro Luis Karrasquillo <peter_toyota@...mail.com>,
"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do
The SNMP theory is a pretty horrible one.
Firewalls and ACLs both block SNMP at ISPs
Even if you it did suddenly allow the NSA/whoever to SPAN a port the amount
of traffic would be extremely obvious.
If you were going to do this passive optical taps would be easy, cost
effective, and non intrusive(once installed)
On Sun, Aug 11, 2013 at 10:00 AM, <Valdis.Kletnieks@...edu> wrote:
> On Sat, 10 Aug 2013 22:16:15 -0400, Pedro Luis Karrasquillo said:
>
> > NSA picks this up remotely via a very secret SNMP command.
>
> So has anybody ever spotted this SNMP command in a tcpdump?
> Found the code that handles it in net-snmp? Cisco IOS? JunOS?
> Nobody's ever caught their supervisor CPU get pegged due to SNMP
> management? Nobody spotted it a few years ago when everybody and
> their pet llama was fuszzing SNMP implementations? Not one "Hey,
> that command didn't get rejected, wonder what it does"? If it isn't
> on a device installed on the local net, how does the SNMP packet get
> through firewalls and/or airgaps to the management network? And
> more importantly, how does the return traffic get exfiltrated without
> being noticed?
>
> Occam's Razor suggests it's much more likely to be very similar in
> form and function to a CALEA box on steroids.
>
> Not saying the NSA isn't sucking up data - but I've seen no plausible
> evidence that it's done via SNMP.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
IMPORTANT NOTICE: This e-mail and any attachments thereto is intended only
for use by the individual or entity to whom it's addressed and may be
proprietary and/or legally privileged. If you are not the intended
recipient of this e-mail, you are hereby notified that any dissemination,
distribution or copying of this email, and any attachments thereto, without
the prior written permission of the sender is strictly prohibited. If you
receive this e-mail in error, please immediately telephone or e-mail the
sender and permanently delete the original copy and any copy of this
e-mail, and any printout thereof.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists