Message-ID: <CANtF8NAtmE+ypWO=KseVTZUmRU8HLbyrzgDZH1JNpKEHR3ANGA@mail.gmail.com>
Date: Sun, 11 Aug 2013 19:39:57 -0500
From: Grandma Eubanks <tborland1@...il.com>
To: Michal Purzynski <michal@...ac.org>
Cc: Full-Disclosure mailing list <full-disclosure@...ts.grok.org.uk>
Subject: Re: XKeyscore sees 'nearly EVERYTHING you do

http://www.faqs.org/rfcs/rfc3924.html
http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf
http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html

On Sun, Aug 11, 2013 at 2:47 PM, Michal Purzynski <michal@...ac.org> wrote:
> On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:
>
> TAPs are no longer physical devices a spy installs on a wire somewhere.
> NSA picks this up remotely via a very secret SNMP command. I explained
> this in detail here:
> http://dustupblog.com/2013/06/11/privacy-in-america-is-a-myth-lets-thank-ourselves/
>
> I've been in networking since 1996...
>
>
> And never got my 5 minutes of fame, so decided to try here. Bad idea, I
> would say, too many smart people here.
>
> That's actually very laughable, so I enjoyed it!
>
> So, NSA throws super secret black boxes everywhere. They have to be
> black, so the spy-climate is dense enough.
>
> You have been in networking for so long, tell me then. In order to intercept a
> lot of traffic, would you rather do it like described and spend lots of
> money, do lots of cabling (packets need them, you know?) and maintain
> tons of the boxes, or just tap fibres and get the same packets wholesale?
>
> That would be a very, very bad design to do the number 1 design. Tapping is
> just easier and there are fewer people involved.
>
> Also, that's even more funny, because we actually know what SNMP and MIB
> are for and it just blows your story. How do you monitor packets via SNMP?
> Say, you have your top secret command and the router/switch/firewall starts
> shipping packets to NSA... but WHERE? How do they appear on a target box?
> Magic? UFO? Mind reading?
>
> You would need a CABLE from MANY devices to your collecting server. Too
> many of them to make it possible. Kind of a span port I guess. But you
> would overflow it quickly, too. So you need many span ports from each of
> the devices... so many that next time I make a business plan and buy a new
> network gear, I will have to factor that in and add a "we need 10 more
> ports for NSA, but don't ask about it".
>
> BTW, I've figured out the Top Super Secret Umbra Venona key. It's
> described here, in plaintext.
>
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878
>
> Now, NSA will have all of us killed. Too bad I'm in the car, might be able
> to escape. Let me turn off all my cellphones or even throw them away, just
> in case. Or maybe abandon my car, and walk - looking over my shoulder from
> time to time and taking a circular route.
>
> So, you don't need a secret SNMP command, you can just configure your span
> port / mirroring port. In order to intercept that amount of traffic you
> would need to span so many devices that it's impossible. See also the span
> port overflow remark.
>
> Oh and bad shot with the "MIBs" too. They are just ... numbers
> representing what kind of info you want (more or less). There's no magic
> either.
>
> Of course, because you need so many span ports, it's a worldwide
> conspiracy among most of the ISP network engineers - someone has to connect
> the cable, you know. Or is the cable translucent and invisible? And
> connected to the invisible port, too? Now I feel that all these years I've
> been working at ISP I was missing out on a lot of crazy and fancy work!
>
> SURE they are intercepting lots of data, but doing it in the most smart and
> efficient way possible - they got some Big Brainz behind it, too.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>