Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: jon schatz (jondivisionbyzero.com)
Date: Fri Feb 08 2002 - 12:42:23 CST
On Thu, 2002-02-07 at 20:33, J Edgar Hoover wrote:
> This allows them to not only log all http requests, but to also log the
> response. Apparently they aren't using it to maximize bandwidth, because it's not
> configured to serve cached data.
How do you know that it's not configured to serve up cached content?
> And yes, they have purchased a lot of the specific, unique hardware that
> is required to do all this logging.
Once again, where's your inside knowledge of this?
> If a comcast victim/customer sends a packet to port 80 at any IP address,
> it is intercepted by the Inktomi Traffic-Server, the contents of the
> packet are examined for the GET url and the "Host:" field. The Inktomi
> Traffic-Server then sends the http request on to your destination from
> it's address with modified content and headers. It then caches the
> returned data, changes both the header and the content, and sends the
> packet to your machine with the spoofed IP of the server you had
This is standard behavior for a transparent web proxy. Nothing new here.
These have been around for a while, and Inktomi is not the only company
to deploy one. Hell, you can do this with squid and ipchains:
> This allows them to monitor and change (or insert ads into) what
> you read.
It most certainly does. How do you know that they aren't already? They
probably aren't though, because as of 6 months ago, none of the major
players had the ability to insert content into requests. (more on this
> Interestingly, regardless of what IP you address the packet to, the
> Inktomi Traffic-Server reads the Host: field to determine where to send
> the packet.
Once again, standard behavior for a proxy request. Most (if not all)
proxies are dependant on a partial HTTP/1.1. implementation, and without
the host header, all would be lost...
> US Code TITLE 18, PART I, CHAPTER 119, Sec. 2511. (2) (a) (i)
> "...a provider of wire communication service to the public shall not
> utilize service observing or random monitoring except for mechanical or
> service quality control checks."
AFAIK, this isn't snooping. I don't see the big deal. Most dialup users
are surfing transparently through a cache; the next big thing is
supposedly edge appliances that do this as a feature.
Disclaimer: I do have inside knowledge. Not of Inktomi, but of a former
employer who manufactured a multi protocol transparent proxy capable of
real-time modification of content. It was pretty sweet technology.
> Does federal law only apply when a little guy snoops on a big
> corporation? Where are the feds now?
They're monitoring this whole exchange through the carnivore they
installed at mae-[east|central|west] :-)
-- jondivisionbyzero.com || www.divisionbyzero.com gpg key: www.divisionbyzero.com/pubkey.asc think i have a virus?: www.divisionbyzero.com/pgp.html "You are in a twisty little maze of Sendmail rules, all confusing."
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iD8DBQA8ZBwPwj1gFegse14RAoVmAJ9tW6q7JR7Efhhdqg6E3TxEaTQRSQCZATpt /7nQzBcT0sDHyZoGdDjpp4s= =pQOj -----END PGP SIGNATURE-----