On 11/1/06, Fabian Keil <[EMAIL PROTECTED]> wrote:
... For Tor users this shouldn't be a big deal. I also don't see anything exciting about Narus
the narus advantage is hardware/programmable classifiers, a la snort on fpga, which allows deep inspection across numerous (linearly scalable) OC12/OC48 peering points. rules also scale linearly, with anywhere from 500 to thousands per classifier proc.
Of course a patient person can already do the same thing with less comfortable tools like tcpdump anyway.
this is all about scale, and since we are discussing taps on the backbones, scale is paramount. but for small ISPs, corp IT staff you're right...
> That barely begins to describe what the Narus tools can do. If you care about privacy, this is really creepy.

Maybe if you care about privacy and don't use tools like Tor to protect it.
the problem with narus run by $TLA is that it functions as a global adversary, which is explicitly outside Tor's threat model. this may or may not mean they are watching. (and there are certainly some $TLAs who are using packet latency fingerprinting with active manipulation of packet timing upstream to link clients to particular exit traffic)

zero knowledge mixes defend against this threat, but you lose the (relatively) low latency of onion-like routing in Tor.

[exercise for the researchers: would traffic padding with a DTLS Tor a la reliable multicast at fixed bandwidth limits keep the low latency but provide the anonymity of a stronger mix?]

best regards,

