Slashdot Mirror

You're still fucked.

For more than 26 years, Dell has empowered countries, communities, customers, and people everywhere with the right technologies to realize their dreams.

Blue Coat

Dell is a strategic reseller & global systems integrator for Blue Coat’s products. Blue Coat’s products are available through the Dell Software & Peripherals catalog for a variety of Secure Web Gateway, WAN Optimization & Visibility solutions.

Dell's Sunnyvale offices are at 909 Hermosa Ct Sunnyvale, CA... not on the same street, but physically adjacent to Blue Coat's campus. Its building is about 40 feet from Blue Coat's... for Dell employees, it's a shorter walk to Blue Coat than it is to some of their own cars in the parking lot.

Spelled out: Blue Coat and Dell work together to sell governments equipment to monitor their citizens' communications. And so do Narus and Dell.

> Who is, I suspect, no longer anonymous to the FBI...

Neither am I. For real. Here's one product they use to monitor internet traffic on targets: Narus Insight.

They already have all the capabilities discussed in the article, which is itself overly dramatic. Take a look at the product page for that software and see for yourself.

Haw, I might believe you if you can prove to us that it's solely Chinese technology doing the filtering, and not solutions from Western vendors such as Naurus or Procera.

All of the big links provide only details about the type of filtering and not the hardware used.

"If your skin is darker than a paper grocery bag, you must immediately return this product in exchange for its equivalent value in food stamps"

It's no wonder why increasing numbers of Slashdot(a forum for linux and unux geeks) are seeing the light and converting to Microsoft software for their computing needs.

Some of FB's servers went down. Some paranoid Algerian guy, who may or may not have good reason to be paranoid, noticed this, and assumed that it was targeted at him personally. And a rumor got started.

Go to Libya. Wake up. Amble over to market. Buy tube of Crest toothpaste and some grapes. Straggle back to hotel. Go to bathroom. Turn on hot water and pray (for hot water, cold water, brown water, anything at all). Brush teeth. Yeccchhh. Look at toothpaste. Surprise! It's "Crust", not Crest. N Africa is a world of knock-offs. Including hackers. RUMORED government Facebook attacks (unless Alg. hired like, http://www.narus.com/ as Egypt did) are rumors and normal N Africa glitches. *yawn*

A and B may be true, but C is quite the opposite. You can be 99,999% sure your mobile Internet traffic also gets routed goes trough one of the NarusInsight boxes. These things are produced for mass-surveillance with a reported capacity of 10Gbit of traffic per unit... Since mobile networks can potentially be a goldmine for 'anti-terrorist' monitoring you can be sure they hooked a fiber from each large network node to a room filled with these babies. The problem is that the chance of C is much higher than most people think, the chances of B and A happening are fairly large once you communicate anything remotely interesting to one of the agencies.

You do know they're talking about doing this to water, electric, utilities, gas and railroad infrastructure, right? "Critical infrastructure", such as traffic control centers, the power grids, gas grid and the like. You aren't critical infrastructure. WoW certainly as hell shouldn't be running on critical infrastructure. Traffic in those network SHOULD be watched and coordinated. The companies can either let the NSA do it or purchase the equipment and do it themselves.

Last I knew, those "proprietary systems" (example here) were Linux-based using libpcap but on screaming fast hardware. Proprietary analysis software is used to baseline traffic patterns and look for anomalies.

After working for 18 months on a CALEA project for a major telecom, and prior to that with an early Narus install, I say you're woefully underinformed.

Narus Key Features

        * Total network view across the world's largest IP networks that includes both deep traffic inspection and full correlation of Layer 2 and Layer 7 information across all links and elements

        * Industry-leading packet processing performance that supports network speeds up to OC-192/10G off the wire and uses a distributed architecture to scale so it can process multi-petabytes of data

        * Carrier-class scalability and reliability with over 2.7 petabytes of IP traffic processed at a single customer, driving 100 billion packet records per day (greater than 7 terabytes) to upstream security applications

        * Full traffic correlation across every link and element on the network

        * Entropy-based security algorithms, provide unprecedented early detection of sophisticated anomalies such as low volume and polymorphic worms

        * Next generation traffic analysis with advanced algorithms for real-time security, intercept and traffic classification and mitigation

LOL!! So a vendor put all these claims on their marketing literature but who on the government side is technical enough to validate all these claims?

Packet processing performance is meaningless without some sort of information on the type and number of signatures or tests applied to each packet.

And read the literature carefully. They are claiming *security* around traditional technology threats like worms and virii and NOT we-can-detect-a-conversation-between-two-terrorists technology.

After working for 18 months on a CALEA project for a major telecom, and prior to that with an early Narus install, I say you're woefully underinformed.

Narus Key Features

        * Total network view across the world's largest IP networks that includes both deep traffic inspection and full correlation of Layer 2 and Layer 7 information across all links and elements
        * Industry-leading packet processing performance that supports network speeds up to OC-192/10G off the wire and uses a distributed architecture to scale so it can process multi-petabytes of data
        * Carrier-class scalability and reliability with over 2.7 petabytes of IP traffic processed at a single customer, driving 100 billion packet records per day (greater than 7 terabytes) to upstream security applications
        * Full traffic correlation across every link and element on the network
        * Entropy-based security algorithms, provide unprecedented early detection of sophisticated anomalies such as low volume and polymorphic worms
        * Next generation traffic analysis with advanced algorithms for real-time security, intercept and traffic classification and mitigation

VeriSign offers the entire suite of Narus products to its global customer base as managed services or licensed software. This includes capabilities for security, traffic analysis and lawful intercept.

There are systems that do exactly this. http://www.narus.com/Narus, for example. I quote: "Real-time data capture, classification and normalization at speeds from 100baseT to 10G/OC192 using Narus High-Speed-Analyzer..."

In '99 I was working at a large ISP that was approached by (undisclosed), they wanted to put three loaded Sun E10Ks on the network to capture and catalog all the data traveling to our peering points. We kindly declined the offer.

First, "preserve" net net neutrality? No, the notion that have net neutrality now (or had it recently) is a falsehood. You should say "gain" net neutrality.

Huh?

The big carriers don't shape traffic. Traffic shaping is something that happens at the network edges, not near the core or backbones. The equipment to do deep packet inspection is not cheap, and it gets ridiculously expensive when you start talking about inspecting really fat pipes. The only system I'm aware of that does DPI on big network segments are those ones from the creepy quasi-NSA company Narus. And despite their marketing spiel, they're geared more towards surveillance than network management.

Effective traffic shaping requires pushing the hardware to do the packet inspection as close to the customers as you can get it, because that's where the links are slow enough to do it with reasonable hardware (rather than requiring a whole mess of custom logic) and without slowing things down. By the time the traffic has gotten up to a big Tier 1 or even Tier 2 ISP, you're talking about serious bandwidth. There's a point where it's easier just to get a fast router (which has a lot of custom logic in order to do its job, and just looks at packet headers) and not screw around with trying to pull out all the Bittorrent packets and separate them from the rest of the email/IM/VoIP/pornography.

Traffic shaping is something that low-level ISPs want to do, in order to control their bandwidth bills (because a consumer ISP has to pay to its connectivity to higher-level providers, it's not peering). I don't see why the big backbone providers would care.

Interesting related side bars:

Deep Packet Inspection and Net Neutrality
http://yro.slashdot.org/article.pl?sid=07/07/26/16 8202&from=rss
The AT&T Whistleblower's Evidence
http://yro.slashdot.org/article.pl?sid=06/05/18/16 26248
newbies Guide to Detecting the NSA
http://blog.wired.com/27bstroke6/2006/06/the_newbi es_gui.html?entry_id=1510938
NarusInsight Secure Suite
http://narus.com/products/index.html
NarusInsight Secure Suite (NSS) enables carriers and service providers to detect any network attack, abuse or behavioral anomaly in real time and at core speeds, and then direct a variety of actions: to raise an alarm, send an SNMP trap, or even mitigate the attack. Traditional edge-based security solutions are insufficient for Next Generation Networks and IMS because of their limited visibility into network traffic and elements. They are aware only of partial information of traffic flowing through the single link of the network they are attached or listening to, and their basic statistical algorithms are able to detect attacks only at their last stage, for example large changes in the volume of traffic.

If you have 52 pages of what appears to be "garbage" data, I can promise you that the garbage is only filtered. They know the complete URL, what time you started loading it, the name, type and size of image you loaded from the page, how long it took to transfer, the bandwidtth you used to transfer it, etc, etc.
It is only "garbage data" on your bill.

Both the parent and grandparent assume a simple form of blocking. Some (most?) VoIP blocking done commercially is done by NARUS' semantic traffic analyzer. The NARUS STA can simply look at the pattern of the traffic without regard to content and make the assumption that it is voice traffic and block it where required or, more importantly, create call detail records identifying the time and length of calls for use in billing.

NARUS Press Release Specifically Mentioning Skype

One side effect of this type of blocking is that calls can actually be established and are then blocked. This can be an even worse situation for users because they may incur call termination fees before the call is dropped.

I would, however, like to see statistics at how good NARUS is at recognizing Skype traffic since it's signature is not as straight forward as a simple SIP call. Additionally it should be possible to create additional traffic to disguise the VoIP traffic signatures, but this is beyond the capability of the typical user.

Which of course makes it possible for the creative crypto-designer to work around this particular device type, if necessary. But I would think that any reasonably encrypted channel is immune to this automatic filtering.

Here is a good blog entry on the technical aspects of the AT&T-NSA scandal.

The major Internet backbone links are OC-192 and higher, the Narus system described in the document could only handle up to OC-48 (1/4 the speed of OC-192 circuits).

Yup, at any given time, although I doubt AT&T has their connection constantly maxed out, so we don't know the real traffic rate percentage this can monitor. We also have no idea what the capacity of the storage they are using for forensic analysis of this data is, nor how long they are keeping it. Hopefully the average load, the regexps matched (at least in general), and the procedures in place will shed some light on this.

Remember that these documents were from 2003, and the current Narus devices do in fact handle OC-192 in real time.

As an ex-Narus employee, this is a load of FUD. How many systems do you think it would take to capture the entire internet backbone every second? How much storage do you think it would take? Do you even consider what it would take, CPU horsepower wise, to capture maintain session state, filter and report on EVERY single communication protocol thread passing through the entire internet?
Personally, if the NSA, CIA, FBI or any other government agnecy, believes a terrorist organization is potentially using a segement of the internet and they want install fiber splitter to be able to filter and report on who they are talking to and what data they are passing, I, for one, am fully in favor of it.
And no, I really don't want to hear from the tree hugging, long hair hippy freaks who want to espouse their "Orwellian" big brother theories. If you want to do something illegal, don't use a telephone, cell phone or the internet. This has been true and will continue to be true. If you want to thwart the Narus (or any other) data capture and processing, encrypt your data. This has also always been true for land lines, cell phones and the internet.
The "Narus Lawful Intercept module" http://narus.com/products/lawful.html is fully covered under the FCC and all other lawful precepts covering communication interception for the purpose of legal activity.
Also see this: http://narus.com/solutions/intercept.html
A Narus STA is only running on a standrd Linux or Solaris system. It feeds an Oracle database back end, and has fairly rigid limits on the amount of data it can collect, store, and process. I can almost guarantee you that the STA's installed have very specific filter in place specifically defining, if not single hosts, single subnets for capture and analysis. Saying anything else is just some liberal with their panties in a wad that has no real clue about trying to sniff "the entire internet".

As an ex-Narus employee, this is a load of FUD. How many systems do you think it would take to capture the entire internet backbone every second? How much storage do you think it would take? Do you even consider what it would take, CPU horsepower wise, to capture maintain session state, filter and report on EVERY single communication protocol thread passing through the entire internet?
Personally, if the NSA, CIA, FBI or any other government agnecy, believes a terrorist organization is potentially using a segement of the internet and they want install fiber splitter to be able to filter and report on who they are talking to and what data they are passing, I, for one, am fully in favor of it.
And no, I really don't want to hear from the tree hugging, long hair hippy freaks who want to espouse their "Orwellian" big brother theories. If you want to do something illegal, don't use a telephone, cell phone or the internet. This has been true and will continue to be true. If you want to thwart the Narus (or any other) data capture and processing, encrypt your data. This has also always been true for land lines, cell phones and the internet.
The "Narus Lawful Intercept module" http://narus.com/products/lawful.html is fully covered under the FCC and all other lawful precepts covering communication interception for the purpose of legal activity.
Also see this: http://narus.com/solutions/intercept.html
A Narus STA is only running on a standrd Linux or Solaris system. It feeds an Oracle database back end, and has fairly rigid limits on the amount of data it can collect, store, and process. I can almost guarantee you that the STA's installed have very specific filter in place specifically defining, if not single hosts, single subnets for capture and analysis. Saying anything else is just some liberal with their panties in a wad that has no real clue about trying to sniff "the entire internet".

I guess ZFone is right out then. Dynamic encryption key set up by using Diffie-Helman on a call by call basis with an unknown peer using no pre-shared key (PSK). A dynamic way to make VOIP untappable. Even with the incredible tools that the NSA uses from Narus Networks and optical splitters to assemble profiles on every conversation and protocol used by a given source IP address. (The Narus tools used by the NSA can decode all major codecs). Assume your Vonage calls are on a hard drive somewhere.

Imagine Google's reply to this: "You're going to make my traffic slower if I don't pay this fee? Well fuck you very much! In fact, I'm going to go to a new bandwidth provider who doesn't try to extort me.

Google isn't being extorted by their immediate provider, they're being extorted by networks that they don't have agreements with. Moving to a different upstream provider isn't going to change anything. A point you seem to have sort of figured out here: Suppose Google's homepage has to traverse 5 networks to go to my PC. How is Google's fee going to be split across these networks?

Back in England in the 19th century the price of sending a letter was calculated depending on how far it has to go. Somebody realised that the cost of calculating the tariff actually costed the mail company more than extra profit they were trying to make. ... Ask yourselves this, how much is going to cost ISPs to administer this monstrosity?

Well, we have these nifty things called computers that are really quite good at doing mathamatical calculations. In fact, they're good enough that a single machine from this company called Narus http://www.narus.com/ can monitor traffic several gigabits a second, for use in billing processes exactly like this. These machines might also have some other uses, but I wouldn't know about that.

Shanghai Telecom, which has 6.2 million landlines, plans to use Narus Inc.'s system to improve its ability to block "unauthorized" Internet calls that connect to its phone system, bypassing its toll structure.

Narus Customer Profiles

The software is already out there. Check out Naurus' scary stuff, indended for universal monitoring and automatic analysis of large networks.

The Narus website describes NarusInsight(TM) Discover Suite as follows:

"NDS supports detection of the following services and protocols for the purposes of billing, quality of service (QoS), planning, reporting, provisioning as well as blocking:


* VoIP (SIP, H.323, MGCP)
* Skype
* Streaming media (RTP, RTCP, RTSP)
* Peer-to-peer (Gnutella, BitTorrent, KaZaa, eDonkey, etc.)
* Web browsing
* e-Mail (SMTP, POP3, IMAP)
* Messaging (IM, MMS)
* Push to talk"

In other words the system can be used to block content/services. If you don't want VoIP users eating your bandwidth, you install one of these magic boxes and hey presto no more VoIP traffic... Or you can charge VoIP users differently.

Which means the important question is: Who controls the boxes? If they're entirely AT&T controlled, then they might be benign. If they're owned and operated by the NSA, then clearly all your data are belong to US...

From http://www.narus.com/customers/index.html:

AT&T, Brasil Telecom, KDDI, KT, KPN, Saudi Telecom, Telecom Egypt, T-Mobile, US Cellular

I must say that the Saudis using narus stuff amuses me greatly, but the rest of the list scares me. I mean, they've even got parts of Japan (KDDI) and South Korea (KT).

http://narus.com/

From their press release:

http://www.narus.com/press/2005/0725.html

Narus unified IP Management and Security is deployed by some of the largest carriers and IP service providers in the world, such as AT&T, KDDI, U.S. Cellular, Korea Telecom, T-Mobile and Telecom Egypt. Carriers rely on Narus solutions to provide them with real-time IP knowledge to create, manage and protect their services and revenues. With solutions for protecting critical infrastructure from attack, traffic analysis and management, lawful interception and content-based billing, Narus offers a full suite of IP applications all on a single platform. This approach provides a total network view of IP traffic, demonstrating unparalleled performance, while saving carriers tens of millions of dollars in capital and operational costs.

I don't know how well it works, but it's a one stop shop for "security" concerns from losing revenue to VoIP to complying with new wiretap regulations. It sounds like rather than just sabotaging VoIP ATT or any broadband provider might start billing you for using your connection to access voice communications. Yow.

--
Well, here I am in AMERICA.. I LIKE it. I HATE it. I LIKE it. I HATE it. I LIKE it. I HATE it. I LIKE it. I HATE it. I LIKE.. EMOTIONS are SWEEPING over me!!

Check http://www.narus.com/press/index.html , don't buy any service from company who is their client.

Its much more than Skype, SIP blocking people. If a company is using their products, they are watching everything. Check their products page.

http://www.narus.com/solutions/IPanalysis.html

They brag about Telecom Egypt using their software/platform, they have rather interesting banner "bragging" about "Certified for China's national networks".

I would switch my cell phone, ISP immediately if they are using any of this companies products.

Its not Skype only.

Check http://www.narus.com/press/index.html , don't buy any service from company who is their client.

Its much more than Skype, SIP blocking people. If a company is using their products, they are watching everything. Check their products page.

http://www.narus.com/solutions/IPanalysis.html

They brag about Telecom Egypt using their software/platform, they have rather interesting banner "bragging" about "Certified for China's national networks".

I would switch my cell phone, ISP immediately if they are using any of this companies products.

Its not Skype only.

(censoring company www site, http://www.narus.com/about/investors.html )
___
The Intel Communications Fund is a $500M equity investment fund that invests in technology companies developing innovative networking and communications solutions. The fund supports development of technologies for Intel® Internet Exchange(TM) Architecture, telephony applications based on CT Media(TM) and wireless and cellular solutions built around the Intel® Personal Internet Client Architecture and the Intel® Xscale(TM) Microarchitecture. In addition, the fund is expected to invest in applications and systems companies supporting other Intel voice and data communications initiatives.
___

I think they misunderstood companies business while giving them $500M for voice communications ;)

Thanks for link, I noticed a far more interesting thing that whole company could be fake or Korea is having sort of secret contracts with major spammers.

"Huh?" you would say... It says:

"Mountain View, Calif., September 26, 2005 -- Narus, Inc., along with its channel partner Datacraft Korea, today announced that KT has expanded its network's security with use of NarusSecure. As part of Datacraft's TAPS system, NarusSecure now enables security coverage across the majority of KT's nationwide network."
http://www.narus.com/press/2005/0926b.html

Look to my mail address. I am a paid spamcop mail system customer. I also have a yahoo address. Yahoo currently gets 200 spams/week from Korea. While I was naive enough to report those spams, they were all open proxies.

I get 5 spams/day from morons spamming a spamcop.net e mail, guess who they are? Koreans.. Again.

Its not like some big, evil, spam mafia guy in Florida hacking those machines. They are pure Korean language spams coming from "open proxies".

So either Narus ripped those telcos big time or Korean government supports spamming. No other choice. They can detect such advanced P2P encrypted telephony but can't stop lame open proxies and damned port 135?

BTW Spamcop and some other ISP's use a special blocking list acting like RBL to block whole Korea netspace.

Now tell me that a company certified for China's National Networks is who we want to secure the general internet. Its almost as if they are saying YES to censorship and control. I'm not saying security is a bad thing, but pick how you do it with care...

Most of the uses are beneficial, or at least benign-- tracking trends in usage in order to make adjustments to the network configuration, or measuring usage to verify billing. Some uses will piss off some users-- if the ISP measures a sudden surge in Gnutella usage by a small number of subscribers and puts in traffic shaping rules to limit the bandwidth available to those users for Gnutella, a small number of users may be upset, but a large number of Web surfers may be happier.

Yes, it's possible to abuse such data, or even the data collected in a transparent proxy. Do you really think someone cares enough that you personally visit a dozen porn sites a day to make it worth the time and effort to collect and organize the information?

And by looking at the type of content, an ISP will in the future be able to charge a higher rate for traffic that has a high priority, such as voice traffic. But this means they need to monitor all your traffic to see what content you're accessing. See http://www.narus.com/ for a company that's doing this right now.

Now on to the free (speech) part of this. This tracking ability could also enable micropolicies. Blocking-by-host and even content customization by host is possible now, but this will make it much easier and much more prevalent to make web content targeted to the individual. Is this a bad thing? Not necessarily, but it greatly increases the incentives for companies to build and trade in user behavior tracking databases.