http://www.faqs.org/rfcs/rfc3924.html
http://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf
http://www.cisco.com/en/US/tech/tk583/tk799/tsd_technology_support_protocol_home.html

On Sun, Aug 11, 2013 at 2:47 PM, Michal Purzynski <[email protected]> wrote:

> On 8/11/13 4:16 AM, Pedro Luis Karrasquillo wrote:
>
> TAPs are no longer physical devices a spy installs on a wire somewhere.
> NSA picks this up remotely via a very secret SNMP command. I explained
> this in detail here:
> http://dustupblog.com/2013/06/11/privacy-in-america-is-a-myth-lets-thank-ourselves/
>
> I've been in networking since 1996...
>
>
> And never got my 5 minutes of fame, so decided to try here. Bad idea, I
> would say, too many smart people here.
>
> That's actually very laughable, so I enjoyed it!
>
> So, NSA throws super secret black boxes everywhere. They have to be
> black, so the spy-climate is dense enough.
>
> You have been in networking for so long, tell me then. In order to intercept a
> lot of traffic, would you rather do it like described and spend lots of
> money, do lots of cabling (packets need them, you know?) and maintain
> tons of the boxes, or just tap fibres and get the same packets wholesale?
>
> That would be a very, very bad design to do the number 1 design. Tapping is
> just easier and there are fewer people involved.
>
> Also, that's even more funny, because we actually know what SNMP and MIB
> are for and it just blows your story. How do you monitor packets via SNMP?
> Say, you have your top secret command and the router/switch/firewall starts
> shipping packets to NSA... but WHERE? How do they appear on a target box?
> Magic? UFO? Mind reading?
>
> You would need a CABLE from MANY devices to your collecting server. Too
> many of them to make it possible. Kind of a span port I guess. But you
> would overflow it quickly, too. So you need many span ports from each of
> the devices... so many that next time I make a business plan and buy new
> network gear, I will have to factor that in and add a "we need 10 more
> ports for NSA, but don't ask about it".
>
> BTW, I've figured out the Top Super Secret Umbra Venona key. It's
> described here, in plaintext.
>
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB10878
>
> Now, NSA will have all of us killed. Too bad I'm in the car, might be able
> to escape. Let me turn off all my cellphones or even throw them away, just
> in case. Or maybe abandon my car, and walk - looking over my shoulder from
> time to time and taking a circular route.
>
> So, you don't need a secret SNMP command, you can just configure your span
> port / mirroring port. In order to intercept that amount of traffic you
> would need to span so many devices that it's impossible. See also the span
> port overflow remark.
>
> Oh and bad shot with the "MIBs" too. They are just ... numbers
> representing what kind of info you want (more or less). There's no magic
> either.
>
> Of course, because you need so many span ports, it's a worldwide
> conspiracy among most of the ISP network engineers - someone has to connect
> the cable, you know. Or is the cable translucent and invisible? And
> connected to the invisible port, too? Now I feel that all these years I've
> been working at an ISP I was missing out on a lot of crazy and fancy work!
>
> SURE they are intercepting lots of data, but doing it in the most smart and
> efficient way possible - they got some Big Brainz behind it, too.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
