Network Associates Buys "Better Carnivore"

ShaunC writes "CNet is reporting that Network Associates has just purchased a software company called Traxess, whose main product - DragNet - supposedly makes Carnivore look like a toy. DragNet is capable of monitoring everything from email to web, FTP sessions to IMs, even print jobs and VOIP conversations; sorting the protocols and logging it all to disk at gigabit speeds. One NAI exec envisions "the government using it to investigate employees and hackers." NAI has also issued a press release about DragNet."

Re:Okay, this is a no-brainer, but...

[drdink]

Actually, I'd use IPSec. When you use IPSec, even the destination port is part of the encrypted payload. They wouldn't be able to tell what kind of traffic it was, just where it was headed.

Re:Okay, this is a no-brainer, but...

[Moosifer]

Actually, TLS (RFC2246) cannot do what you are describing. You are refering to HTTP over TLS (RFC2818) which can switch between unencrypted and encrypted modes with a directive (like STARTTLS). You're right in that this would be ideal, but it's going to be some time before browsers adopt this, I'm afraid.

Kinda Like NetIntercept, but NA doesn't advertise

[FuriousJester]

Except NetIntercept is available now, and DragNet is avaialable in 2003. Oh, and NetIntercept comes with SSH2 decryption by default. (It involves compromising one half of the connection.) And NetIntercept is silent on the monitored wire, making it difficult to detect or tamper with.

There is also Raytheon's SilentRunner and Niksun's NetDetector. But while the privacy wonks are running scared, they are missing the essential usefulness of these tools. It's for forensics - something goes wrong, you can go back and see what it was. I can't comment for the other tools, but NetIntercept makes digging 500,000+ connections from 2 weeks ago easy.

Yes, I work for Sandstorm. Our motto, "Tools with Sharp Edges". Its a fun company.