[4361] in cryptography@c2.net mail archive
Re: Newsnight Crypto Bazaar
daemon@ATHENA.MIT.EDU (Dave Emery)
Fri Mar 19 12:23:15 1999
Date: Thu, 18 Mar 1999 21:46:30 -0500
From: Dave Emery <die@die.com>
To: Bill Manning <bmanning@ISI.EDU>
Cc: cryptography@c2.net
Reply-To: die@die.com
Mail-Followup-To: Bill Manning <bmanning@ISI.EDU>, cryptography@c2.net
In-Reply-To: <199903190130.RAA29573@boreas.isi.edu>; from Bill Manning on Thu, Mar 18, 1999 at 05:30:45PM -0800
On Thu, Mar 18, 1999 at 05:30:45PM -0800, Bill Manning wrote:
(thanks for your reply...)
> >
> >
> > Can you state unequivocally that your IXP does not in any way
> > support national security monitoring of, or access to traffic ?
>
> Your statement can't be answered as the question is vague...
>
> I guess that I'd have to state that since the IXP supports
> the laws of physics, we must also support monitoring and access
> to the traffic that crosses the exchange media. Given that,
> I can state that the exchange has never hosted a known
> monitor that was not announced to the participants of the exchange.
> The exchange has not, to date, been asked to host a covert tap.
OK, I should have phrased that more carefully... what I meant of
course was by your deliberate and intentional action (or lack of action
where you knew it would provide an opening for monitoring) have you
provided facilities or assistance to national security entities that
would enable them to monitor or intercept traffic flowing through your
facility to which they were not a party (eg not source or destination)
or assisted them in such monitoring ? This question includes such
monitoring known to the ISP participants in the exchange as well
as covert monitoring not known to the ISP participants.
I gather from your answer that you do from time to time monitor
traffic but that you always announce such monitoring to the participants
in the exchange. Is any of this monitoring that you announce to the
participants done for national security purposes as far as you know ? Is
any of this monitoring done for law enforcement purposes other than
protecting you and the ISPs that participate in the exchange from attack
by crackers or vandals or other interferences with your operations ? And
is any of the monitoring done with the knowledge of the participants in
the exchange broadband monitoring that would give a third party access
to more than just the traffic to or from a short list of IP addresses
(eg allow generalized fishing for interesting material in a significant
cross section of traffic) ?
>
> > What
> > if any precautions have you taken to ensure that there are no
> > sophisticated penetrations of your routers or high speed digital (DACS)
> > circuit switching facilities that control circuits going in and out of
> > your facility ?
>
> ISP issues. The IXP has no routers, only layer2 switchmesh.
OK I guess I am asking how certain you are of the integrity
of your hardware and firmware configurations, how certain are you
that they have not been covertly penetrated so as to ship streams
of packets off to third parties (of any kind) in addition to sending
them to their rightful destinations ? How good are your access controls
and firmware revision controls and how certain are you of the real
configuration of the switch fabric at any moment ?
> > Have you carefully audited the traffic on each and
> > every digital circuit into and out of your installation to be sure that
> > only traffic supposed to be going out the circuit really is ?
>
> There are audits on each port into the switchmesh. We are
> not in any position to police traffic flows. That is the
> responsibility of the attaching ISPs.
Your audits would catch packets coming out of the mesh at
more than one port ?
>
> > Has this
> > audit taken place at the raw fiber interfaces where you can be confident
> > that you really do know what bits are flowing in and out ? Have you
> > accounted for all IP packets (and ATM cells) flowing on those interfaces
> > including those apparently encrypted ?
>
> OC3mon is your friend. Packet accounting is done w/o examining
> packet content (only check the headers and size). There is no
> legal reason to investigate the data portion so we don't. Can't
> tell if encryption is in use.
>
Could the packet accounting you do detect covert or overt
modifications to your switches or switch configuration that caused them
to copy packet streams sent between two ports to a third port as well ?
Do you check gross flows to convince yourself that for every packet going
in only one comes out ?
--
Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
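
The check asked about at the end of the message (does every packet going in come out exactly once, and only at the port it should), sketched here as an added example that is not part of the original post or of either correspondent's tooling. The record layout, port names, participant names and the one-port-per-participant mapping are assumptions, and only known-unicast frames are modelled (flooded and broadcast frames would need to be excluded first).

```python
from collections import Counter, defaultdict

# Constructed sample: header-only records (port, direction, src, dst, size).
# No payload is examined. Port and participant names are hypothetical.
HOME = {"ispA": "p1", "ispB": "p2", "ispC": "p3"}  # participant -> its port
RECORDS = [
    ("p1", "in", "ispA", "ispB", 1500), ("p2", "out", "ispA", "ispB", 1500),
    ("p1", "in", "ispA", "ispB", 64),   ("p2", "out", "ispA", "ispB", 64),
    ("p2", "in", "ispB", "ispA", 576),  ("p1", "out", "ispB", "ispA", 576),
    ("p3", "in", "ispC", "ispA", 200),  ("p1", "out", "ispC", "ispA", 200),
    # The same two frames also leaving a third port, as a copy would appear.
    ("p7", "out", "ispA", "ispB", 1500), ("p7", "out", "ispA", "ispB", 64),
]

def gross_balance(records):
    """Frames in vs. frames out across the whole mesh."""
    c = Counter(direction for _, direction, *_ in records)
    return c["in"], c["out"]

def audit(records, home_port):
    """Return {(src, dst): {port: extra_frames}} for unexplained egress."""
    ingress = Counter()
    egress = defaultdict(Counter)
    for port, direction, src, dst, size in records:
        key = (src, dst, size)
        if direction == "in":
            ingress[key] += 1
        else:
            egress[port][key] += 1
    findings = defaultdict(Counter)
    for port, frames in egress.items():
        for (src, dst, size), n in frames.items():
            # Egress is explained only at the destination's own port,
            # and only up to the number of matching frames that came in.
            ok = ingress[(src, dst, size)] if home_port.get(dst) == port else 0
            if n > ok:
                findings[(src, dst)][port] += n - ok
    return {flow: dict(ports) for flow, ports in findings.items()}

if __name__ == "__main__":
    print("in/out:", gross_balance(RECORDS))
    print("unexplained egress:", audit(RECORDS, HOME))
```

The gross count alone shows only that more frames left than entered; the per-flow pass is what names the extra port.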