General discussion


Does Carnivore's "failure" surprise you?

By debate ·
Tell us what you think about the reported failure of the FBI's Carnivore tool, as featured in the latest Internet Security Focus e-newsletter. Are you surprised about Carnivore's reported failure? What frame grabbing (or packet sniffing) tools do you use on your network to monitor nefarious behavior? How do you glean useful info from the data these tools obtain?


All Comments


Switches aren't secure

by terry_luedtke In reply to Does Carnivore's "failure ...

I'm afraid your rule "Hubs are bad, switches are good" doesn't apply in a security sense. There are ways to sniff packets on switches, it just takes a little more work. See

http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml

and

http://rr.sans.org/threats/middle.php

Terry Luedtke


Quite Right

by aja In reply to Switches aren't secure

See also:

http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm
and just in case you think VLANs are secure, see
http://www.sans.org/newlook/resources/IDFAQ/vlan.htm
which is also referenced from various Cisco white papers on VLANs.

Cisco also have design papers that make it clear
that switches are not intended as security devices
and should not be used as such or relied on in
any way to act as security devices. All they do
is limit the broadcast domain and so improve
throughput in certain conditions.

See
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safe_wp.htm
http://www.cisco.com/warp/public/707/21.html

I know it sounds self-serving, but security is
not something that can be addressed lightly, it really does need someone who makes a full-time job of it. There are just so many myths like this one about switches. Take a look at
http://www.counterpane.com/crypto-gram.html
or
http://catless.ncl.ac.uk/Risks

Anton J Aylward,
CISSP


Failure to capture or to interpret?

by creis In reply to Does Carnivore's "failure ...

Dear Tech Republic,

I can't say I understand Carnivore all that much, yet the very thought that anyone can filter other people's communications for their own motives should be a concern to everyone. Yet, the bad guys must be caught and made to pay for their transgressions.

How was it determined that Carnivore failed? What metrics were used to define that? Was it a failure of the system or of interpretation of the data it provided, or worse - a failure of communication? Let's hope that someone works that out and ensures that a September 11-like episode never again darkens the world.
