[Dshield] Patriot Taps
Andy Cuff [talisker]
offthecuff at lineone.net
Mon Aug 4 16:26:42 GMT 2003
Whilst I don't wish to get into the sensitive issue of Lawful Interception
using routers, the subject of network taps always interests me. I have
details on every product vendor here
http://www.networkintrusion.co.uk/taps.htm unless of course you know
different? I am missing some of the fiber vampire taps that use a variety
of methods to get the data, from refraction to Rayleigh emissions and
introduce varying levels of detectable losses.
Whilst I'm off on one, FiberSentinel from NeSTRONIX provides a solution to
detect fiber taps, does anybody know of any other such solutions? Though in
my experience they have to be more intelligent than just detecting losses
that exceed a preset threshold as the false positives are unmanageable.
Hope this helps
Taliskers Network Security Tools
----- Original Message -----
From: "Johannes Ullrich" <jullrich at euclidian.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Monday, August 04, 2003 3:43 PM
Subject: Re: [Dshield] Patriot spies?
> > It's called Remote SPAN, and it's not very universally
> > deployed (yet).
> There are a number of ways to wiretap a connection. Such a
> 'span port' on a switch is frequently used for intrusion
> detection systems. A 'span port' will see all traffic that
> goes through a switch.
> However, there are other methods:
> - 'tap'. This is essentially a read only connection. Kind of like a hub.
> It can be plugged into an existing ethernet connection (fiber or
> - hub. Just a simple hub will allow you to 'listen in'. Unlike
> a tap, such a hub allows the listening machine to send data to the
> network which may make it harder to hide.
> Of course, there are numerous other ways. E-mail could just be copied to
> a second account from the mail server, or a sniffer could be installed
> on an existing machine.
> Of course, there are various laws regulating this. In the US, the
> following laws apply:
> - Electronic Privacy Act: It prohibits your ISP from sharing
> any intercepted communications with others (including law
> enforcement). The ISP can be held liable for violating this
> - Wiretap Act: It restricts how anybody is permitted to 'sniff' a
> connection. In general, law enforcement has to have a court order. Even
> an ISP is not permitted to listen in on its own network unless they have
> permission from the user to do so, or they do so in a limited way to
> ensure network security (however, whatever they find is still protected
> by the privacy act). The ISP is not required to notify law enforcement
> of illegal activity, with the only exception of child pornography.
> - Constitution (4th Amendment). It protects you from unlawful
> wiretapping by the government. However, it does nothing about your ISP
> or other non-govt entities.
> AFAIK, the first Patriot act did not change this all that substantially.
> The only thing that got added is that it permitted the government to
> assist private companies in wiretapping if the private company requests
> this and does not have the ability to do so themselves.
> Johannes Ullrich jullrich at euclidian.com
> pgp key: http://johannes.homepc.org/PGPKEYS
> "We regret to inform you that we do not enable any of the
> security functions within the routers that we install."
> support at covad.net
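
Andy's remark above about fiber tap detectors that alarm on a preset loss threshold, illustrated with an added example that is not part of the original post or of any vendor's product. The power trace, drift, jitter and 0.4 dB tap loss are constructed values, and the step-change detector is one assumed alternative, not a method named in the thread.

```python
import math

BASELINE_DBM = -10.0   # constructed commissioning receive level
TAP_AT = 450           # constructed: sample index where a 0.4 dB tap loss begins
WINDOW = 10            # samples per averaging window (assumption)

def sample_readings(n=600):
    """Constructed receive-power trace in dBm: slow drift + jitter + tap step."""
    readings = []
    for i in range(n):
        drift = 0.6 * math.sin(2 * math.pi * i / 400)   # slow environmental drift
        jitter = 0.03 * ((i * 7) % 5 - 2)               # small repeating measurement jitter
        tap = -0.4 if i >= TAP_AT else 0.0              # abrupt loss added by the tap
        readings.append(BASELINE_DBM + drift + jitter + tap)
    return readings

def static_threshold_alarms(readings, max_loss_db=0.5):
    """Alarm whenever loss against the fixed baseline exceeds a preset threshold."""
    return [i for i, p in enumerate(readings) if BASELINE_DBM - p > max_loss_db]

def step_change_alarms(readings, window=WINDOW, min_step_db=0.2):
    """Alarm when the mean of the last `window` samples drops abruptly
    compared with the mean of the `window` samples just before them."""
    alarms = []
    for i in range(2 * window - 1, len(readings)):
        recent = sum(readings[i - window + 1:i + 1]) / window
        prior = sum(readings[i - 2 * window + 1:i - window + 1]) / window
        if prior - recent > min_step_db:
            alarms.append(i)
    return alarms

if __name__ == "__main__":
    trace = sample_readings()
    static = static_threshold_alarms(trace)
    step = step_change_alarms(trace)
    false_pos = sum(i < TAP_AT for i in static)
    print("static threshold: %d alarms, %d before the tap" % (len(static), false_pos))
    print("step change: alarms at samples", step)
```

In this constructed trace the preset threshold fires only during the slow drift and stays silent once the tap is in place, while the step comparison fires only in the samples just after the tap.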