I'm jumping into this thread mid-stream, so if I'm missing
something, let me know (flames to /dev/null). I may be
completely off-base here...
> 1) Carnivore is installed in a number of major ISPs.
So use minor ones like the "free" networks available in
many metropolitan areas. If you're exceptionally paranoid
and/or up to no good, you can bring a packet sniffer to your
local university and fire 'er up. Port 110 is usually a
good bet. *cough* Not that I'm advocating cracking;
I am illustrating a point - unless you are tapping the
phone lines, listening in at the ISP will do you little
good. Carnivore is engineered for stupid criminals.
<PARANOIA>
Or maybe it wasn't designed to monitor criminals....
</PARANOIA>
> 3) Traffic analysis is poorly understood outside the NSA
Hrmph. Packets originating on Port 110 with a length of 63
and 85 will most always contain the USER and PASS commands.
Everything else is blocked at the MTU size. Yes, you'll
pick up some noise, but a manual grep through the logs for
USER and PASS along with an awk to reorder the contents so
the timestamp is first does wonders. Why people don't use
encryption is beyond me on public networks... I SSH or
PPTP tunnel everything of importance. Traffic analysis
isn't a hard-to-grasp concept, once you know what you're
looking for and how the data is structured.
> 4) Traffic analysis is rumored to be better understood inside the NSA
That's their job; it's no rumor. You can also invalidate traffic
analysis by sending in blocks of the same size at regular intervals,
say, 100 * 1500 length packets per hour. If you put the cipher in
feedback mode (tcp/ip so you don't lose packets, obviously) the
contents will be scrambled beyond the ability of the NSA to monitor
more than a few nodes at a time. Invalidate your keys at regular
intervals (like Kerberos) so you cannot issue a replay-attack on
the remote host. Anyway, blah blah blah.. let a real crypto
expert take the podium on this. :)
The point is if you rearchitect things to move in batch jobs
at regular intervals and queue requests it's impossible to see
where the data is going. After 1 or 2 hops, it's purely guess-work
to determine where the data is coming from and going to. I'm assuming
other nodes would aggregate traffic. I'm assuming one of the
goals of Freenet is plausible deniability - nobody can ever prove
a particular piece of data ever passed your node. If that is a
design goal, this will need to be implemented at some point if
you care about traffic analysis. You also need to take care to
pick a sufficiently large key size and cipher mode so as to make
cryptanalysis more difficult.
> 5) We glimpsed at the conference that often a couple of compromised
> nodes are sufficient to trace source/destination of remailer mail.
Which is why you use multiple remailers...
> 6) Carnivore precisely link-level compromises mix nodes. It does nothing
> more, nothing less.
If you want to get creative.. create an abstraction layer in a freenet
server away from the network. You'll need to run it as root to do this,
but under linux you can bind the server to practically every port from
1024:65535, and then tell the kernel to release each port as needed.
I know a program called Abacus PortSentry does this. You could arrange
several types of handshakes so Freenet could, in effect, function on
any port and on any protocol - TCP, UDP, ICMP.. it wouldn't matter. Of
course, it's a simple matter of programming to do this.. *cough* :)
That would throw monitoring things at the link-level off. The next
logical step, then, would be either Tempest or penetrating the host's
security and installing a daemon / TSR into memory to monitor key
data segments in the FreeNet server. At least, that's what I'd do...
> 7) The FBI may well be interested in being able to follow mix traffic.
So are a lot of other groups. Some of them don't work for the government.
Some of them are on this list. :) Keep in mind the people best able to
defend against a threat like that are the people building Freenet.
Carnivore stops stupid criminals. Not intelligent ones. I think I can say
with a fair level of confidence most of the people developing freenet
aren't slouches. :)
So don't worry about Carnivore. You can't stop it, but you can route
around it by properly architecting your protocols and servers.
--
Signal 11 -o- BOFH, malign.net
Who cares how corrupt our leaders are as long as they're tough on crime?
P.S. At this point you're either blown away at this response or you
think I'm a complete idiot. Either way you're probably right...
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
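The fixed-size, fixed-interval batching sketched in the post above (same-length cells, a constant number of them per interval, dummy cells filling the gaps), as an added example that is not part of the original message or of Freenet's code. The 2-byte length header, the dummy-cell convention and the sample messages are assumptions of this illustration; it shows what a passive link-level tap can still learn from cell counts and sizes, and that nothing of the original message lengths survives.

```python
import struct

CELL = 1500          # fixed cell size on the wire (the post's example value)
HDR = 2              # assumed framing: 2-byte big-endian payload length
BODY = CELL - HDR    # payload bytes per cell, zero-padded when short


def to_cells(msg: bytes) -> list[bytes]:
    """Fragment msg into fixed-size cells; unused space is zero padding."""
    cells = []
    for off in range(0, len(msg), BODY):
        chunk = msg[off:off + BODY]
        cells.append(struct.pack(">H", len(chunk)) + chunk.ljust(BODY, b"\0"))
    return cells


def dummy_cell() -> bytes:
    """Cover traffic: a cell that carries zero payload bytes."""
    return struct.pack(">H", 0) + b"\0" * BODY


def from_cells(cells) -> bytes:
    """Reassemble the payload stream; dummy cells contribute nothing."""
    return b"".join(c[HDR:HDR + struct.unpack(">H", c[:HDR])[0]] for c in cells)


def schedule(messages, cells_per_interval: int) -> list[list[bytes]]:
    """Queue every message's cells and emit exactly cells_per_interval
    cells per interval, topping up each interval with dummy cells."""
    queue = [c for m in messages for c in to_cells(m)]
    intervals = []
    while queue:
        slot, queue = queue[:cells_per_interval], queue[cells_per_interval:]
        slot += [dummy_cell()] * (cells_per_interval - len(slot))
        intervals.append(slot)
    return intervals


def observer_view(intervals):
    """What a passive tap sees: the set of per-interval cell counts and
    the set of distinct cell sizes. Both collapse to a single value."""
    counts = {len(slot) for slot in intervals}
    sizes = {len(c) for slot in intervals for c in slot}
    return counts, sizes


if __name__ == "__main__":
    # Constructed sample: two short POP3-style lines and one larger body.
    sample = [b"USER alice\r\n", b"PASS example\r\n", b"x" * 4000]
    print("unpadded lengths:", sorted(len(m) for m in sample))
    print("padded view:", observer_view(schedule(sample, 100)))
```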