[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

On 5/28/07, Steven Murdoch <tortalk+Steven.Murdoch@xxxxxxxxxxxx> wrote:
I do think that a global passive adversary is stronger than the real
world situation. For example, such an adversary could read traffic
between two computers in my office, which I suspect is outside of the
NSA's capabilities, unless I were targeted for special attention.

thanks for the clarification.  i tend to forget that the "passive
adversary" applies to all network communication, not just internet
links across isp's, countries, and oceans...

The point behind that section was to dispel the myth that traffic
analysis is easy, because you can just run tcpdump on off-the-shelf
hardware. Actually, on high-speed links it requires serious
engineering effort to even capture the data, let alone store it.

ah, agreed; i was unaware of such a myth, and the thought of someone
trying to inspect 10GigE with a workstation and wireshark is comical.

thanks again for these efforts.

best regards,