Re: Choke Carnivore Day

From "V. Alex Brennen" <vab@metanet.org>
Date Fri, 8 Sep 2000 14:20:29 -0400 (EDT)


[: hacktivism :]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 7 Sep 2000, Lub Dub Saaaa wrote:

| is there any way to overflow carnivore? oversatiate it? what if we
| could build something like an AI monster that just spews out
| "FBI-border-CIA-fringe-change-revolution" emails. Autonomous,
| self-sustainable decoy producers. Something like that.     

Did you all even read up on carnivore?   From what I've read,
carnivore is a network sniffer that is attached to a LAN.
Carnivore is designed to pick up email exchanges between a  
certain individual - both incoming and outgoing.

So, basically carnivore is plugged into a port of a switch which
all (mail) traffic is being dumped to.  Carnivore picks up all
the packets that run through it, assembles them and scans them
for a specific email address.  If a message is found which
contains a target email it's written to disk.

You could pretty easily write your own version of carnivore
by snatching some Ethereal code and writing a few quick Perl
scripts to do the regexes for you on the assembled packets.

So now that you better understand carnivore, think about how
a DoS against it would have to work.  I heard somewhere that
the FBI said that there were about 40 (IIRC) carnivores currently
in active use.  So, since carnivore picks up packets off a
LAN and scans for an email address, you need to know those
40 email addresses in order to get carnivore to write to
disk.  Now, if we put aside the fact that of those 40 people,
probably all 40 are people you'd agree belong in prison.  We
still have the fact that if you really wanted to interfere 
with the FBI investigation the best way to do it would be
to call those 40 people up and tell them "Hey you're under  
investigation by the FBI."  So, let's put that one aside too.
And we'll ignore the other major problem that if you go
mess up 40 FBI investigations you've just committed a series
of major felonies 40 times.

Which leaves us with two types of site the FBI is working
with - bigger ISPs and Free Email providers (earthlink,
Hotmail, etc) and crappy little ISPs who are probably running
a few linux boxes and a cisco 2500 series router hooked to a
Frac T1.

Let's talk about the little guys first. They don't have the
experience/knowledge to stop something like this. But, you
still run into hardware limitations.  Let's say they've got
a full T1, that's 1.44Mbits/sec, that's 180,000Bytes a sec which
is about 175k/sec.  Let's say these Carnivore boxes have
60GB storage - 2 30s.  Now divide 60GB by 175K that's like
342,857 seconds or about 95 hours or 4 days.  So you'd need  
to saturate your dest T1 for 4 days to fill up 60GB. 
Assuming you manage to do this with some type of distributed
virus so you can't just get filtered, you're still DoSing
the ISP before you DoS carnivore.  I've got a 75GB tape  
drive that I can fill each night, if carnivore backs up to  
tape and wipes its hard drive - you couldn't physically
DoS it over a T1.  Realize, that you're totally DoSing
the ISP the ENTIRE time you're attempting to DoS carnivore.

The big guys will just run circles around you technically.   
They've dealt with these kinds of DoSs in the past and
have network architectures to prevent and mitigate them.   

So basically, it's technically infeasible.  But you still 
have the moral and ethical problems.  I assume most of
those 40 are all child pornographers and/or child molesters.
You want to use significant resources to hinder the FBI's 
ability to investigate and monitor them why?  Because
they're using the internet to monitor them and you
don't think that's kosher?  Come on!

If you don't want the FBI monitoring email, you should     
do the following:

1) Good old-fashioned activism.  Get involved in the EFF,
   ACLU, CTP and other policy groups that are fighting    
   it, and lobbying for strong crypto access.

3) Honesty.  Don't be a fucking hypocrite.  If you want
   email to be protected - encrypt and sign your own.
   I haven't seen anyone use crypto on this list yet.

4) Advocacy.  Advocate other people use crypto.  Teach
   them.  Write docs on crypto usage and crypto theory.

5) Run freenet nodes.

6) Hacktivism.  Not script kiddie hacktivism, but real
   hacktivism.  Make it technically infeasible for the
   FBI to do it.  Expand the keylength in gpg, work on
   writing code to get x509's everywhere, work on gpg 
   mail client integration...  Work on reputation systems
   and get sendmail with TLS up and going.  Work on the
   code for crypto systems.  Basically hack (write
   computer code) some strong crypto. Or volunteer at 
   your local freenet and set up crypto capable software
   and a CA for them.
   
I've been on this list for a while now and I'm really
disappointed.  I think the people subscribed to it need to
ask themselves what it is they want to accomplish.  If you
all put the energy it would take to mess with carnivore
into something proactive, productive and directional, or
even just put in the energy you've spent talking about 
carnivore, you could change the world.

Carnivore is such a non-issue.  It's just sexy to you 
because it involves the FBI and it's in the media. 
Something like what your idea of carnivore is would be
impossible if everyone used strong crypto.  The real
issues where hacktivists could make a difference haven't
even been mentioned on this list.
   
All the information you need is out there, on the internet,
for free.  You just need to put in the time and effort to
learn it.
   
Stop writing emails about carnivore and run some searches
through Google, and read through what Google gives you.
Read some RFCs and some working documents.  Don't ask 
other people to explain things to you. That wastes your 
time and theirs. Not knowing how to do something is not
an excuse, it's all easy to learn. It's all out there on
the web, written out clearly, for free.  Go read it. Go
learn it. Then apply it.


				- VAB [EF!]
- ---
V. Alex Brennen    [vab@metanet.org]
[http://www.metanet.org/people/vab/]
   C R Y P T O A N A R C H I S T

		"You've got my PGP key, so let's do this."
				- the gas mask wearer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5uS38eodYZhzLhvURAnNGAJ9WKMAG7IB+hyfoh4QdD1tpJP1tWwCeObIK
/CzDVBlExvB10HjqFXXb+kw=
=mNYY
-----END PGP SIGNATURE-----


