Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Carnivore presentation to NANOG

By Miniluv in Internet
Sun Nov 19, 2000 at 08:43:21 AM EST
Tags: Freedom (all tags)
Freedom

Everyone's heard about Carnivore, and everyone has an opinion of this program and its capabilities. EPIC has of course sued under FOIA to get all relevant documentation released for public consumption, and the FBI has been dragging their heels.


Security Focus has been providing continuing coverage, the latest bit of which I found interesting. It mentions that a Marcus Thomas of the FBI gave a presentation, including a demonstration, regarding Carnivore and DragonWare to the North American Network Operators Group. Included is this link to a page containing video of that presentation.
It's a large file, almost 400 meg, but very worth the download in my opinion. It's got some great screenshots of the capabilities and types of protocols that Carnivore is capable of obtaining, as well as showing Packeteer and CoolMiner, the infamous remainder of DragonWare. Packeteer is a session reconstructer which feeds data to CoolMiner which allows people to see webpages as viewed by the subject of the wiretap, as well as rebuilding telnet sessions, ICQ conversations, H.323 traffic, etc. Not all of this data needs to come from Carnivore, though it seems an awful lot of it could.

The screenshots clearly show that Carnivore is capable of grabbing packet streams based on ranges of source and destination IP's and ranges of ports, which are conveniently sorted in a list for the non-technically inclined and labelled with their common usage for those under 1024.

Also interesting is some of the verbal sparring that occurs between members of this highly technical audience and the presenter and his legal aide.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Is Carnivore the real threat?
o Of course! 35%
o Nope, ISP's already have packet sniffers 16%
o Maybe 25%
o Are you nuts? Fear Inoshiro! 22%

Votes: 62
Results | Other Polls

Related Links
o EPIC
o FBI
o Security Focus
o latest bit
o North American Network Operators Group
o this link
o Also by Miniluv


Display: Sort:
Carnivore presentation to NANOG | 14 comments (7 topical, 7 editorial, 2 hidden)
Reminds me of... (3.00 / 8) (#1)
by Qtmstr on Sun Nov 19, 2000 at 01:46:10 AM EST

Packeteer and CoolMinor (What pathetic names) seem to have functionality almost identical to the popular packet sniffer Ethereal, which I use often.


Kuro5hin delenda est!
My impression... (2.80 / 5) (#2)
by Miniluv on Sun Nov 19, 2000 at 01:50:02 AM EST

Ya know, I was having the same general thoughts, though no particular package sprung out at me. In one way I think the press Carnivore's been getting has been blatantly overdone, though on the other that was also my opinion when it was ONLY an email scanner.
Part of the video that really bugged me, that no one really hammered on, is the low level of dial in security being used for configuration changes. I mean, call-back is a nice addition and very easy to implement, NT RAS can do it by default, I mention NT cuz that's what they run it on.
I also wonder at the motivation of Mr. Thomas's statement that he hopes they don't need to write custom apps in the future because the functions they need'll be available off the shelf...kinda worrysome...but maybe I'm not seeing the good uses.


"Its like someone opened my mouth and stuck a fistful of herbs in it." - Tamio Kageyama, Iron Chef 'Battle Eggplant'
[ Parent ]

Video for the less patient (4.80 / 5) (#12)
by bradenmcg on Mon Nov 20, 2000 at 01:36:36 AM EST

I've taken the liberty of converting the 364 meg video into a DiVX ;-) AVI.

Final file size: 53.2 MB.

Quality: not all that bad. The video is a little more grainy, but not unwatchable. The sound is radio-quality, but you can still understand everyone.

Please mirror this and post linkage. It's being served off my personal webserver; IIS5 on Win2k Pro. (Thus, a 10 connection limit. If it's busy, try later.)

Download it here.

You'll need the DiVX ;-) codec if you don't have it already. Get that here.

Enjoy!

<leonphelps>Yeah, now, uh, "sig," what is that?</leonphelps>

If I could! (none / 0) (#13)
by kubalaa on Tue Nov 21, 2000 at 03:35:39 AM EST

I would. I'm going to try and download it overnight but it's not looking good.

[ Parent ]
Mirror here! (5.00 / 1) (#14)
by kubalaa on Tue Nov 21, 2000 at 07:05:48 PM EST

I'm mirroring the AVI compressed version.

[ Parent ]
Carnivore presentation to NANOG | 14 comments (7 topical, 7 editorial, 2 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!