In message
<4(_dot_)3(_dot_)1(_dot_)0(_dot_)20000714083151(_dot_)02fd3100(_at_)209(_dot_)81(_dot_)50(_dot_)25>,
Doug Isenberg writes
:
From today's Wall Street Journal
(http://interactive.wsj.com/articles/SB963523417716552926.htm):
One of the nation's largest Internet-service providers, Earthlink Inc., has
refused to install a new Federal Bureau of Investigation electronic
surveillance device on its network, saying technical adjustments required
to use the device caused disruptions for customers.
The FBI has used Carnivore, as the surveillance device is called, in a
number of criminal investigations. But EarthLink is the first ISP to offer
a public account of an actual experience with Carnivore. The FBI has
claimed that Carnivore won't interfere with an ISP's operations....
One can draw some interesting conclusions from that article, though
firm technical details from the FBI would be welcome.
First -- the box was placed at the remote access servers, and is --
according to the article -- capable of monitoring email and other
network traffic. Earthlink claims that the box was incompatible with
the software version of the server they were running, and says that
they had to downgrade to an older, buggy version, which crashed,
causing a denial of service. The FBI, in turn, says that their box is
purely passive, so it can't affect the net.
My suspicion is that the box wants to monitor traffic based on IP
address, and not just email headers. To do that, it needs to know
when the suspect has dialed in, and what his/her IP address is. That,
in turn, would likely require monitoring of the RADIUS traffic, which
(if it were different from release to release) might have forced the
downgrade.
--Steve Bellovin