Web Page Tracking

rsynnott

Red Alert wrote:

À transparent proxy is generally a giveaway when you enter a dud site - in it's default config both Squid and Microsoft ISA make up their own error messages for invalid URLS. Which means if they are using one, why hide it?

That amount of data seems dodgy - i really don't like the idea of big brother eircom (who'd probably sell it for marketing purposes) if they could or IBB (who are just downright incompetent they'd probably leave it lying in a street or something) having all that.

It's certainly possible to have a very transparent transparent proxy, and then there are HTTP packet analysers. But all this would take a LOT of machines. And it would miss out HTTPS and such.

Rew

Red Alert wrote:

À transparent proxy is generally a giveaway when you enter a dud site - in it's default config both Squid and Microsoft ISA make up their own error messages for invalid URLS. Which means if they are using one, why hide it?

Only if its configured to give you the error message. Anyway they dont have to actually proxy the connection all they have to do is sniff it as it passes though their network.

Rew

rsynnott wrote:

But all this would take a LOT of machines.

Or one big dedicated bit of hardware. With telco stuff u cannt think in terms of PC's.

rsynnott

Rew wrote:

They are in the middle so can sniff data no problem. Carnivore monitered alot more then the web. I did suggest it was blanket monitoring its up to indvidual telcos to do the logging they see fit.

Yep, Carnivore does (it still exists, you know), most interesting non-encrypted services. As I mentioned previously, it's impossible for it to do SSL services. And I really can't see why telecoms would spend so much (and it would be a LOT) monitoring their customers when no legal requirement exists to do so and they'd miss most interesting stuff anyway

Rew

rsynnott wrote:

Yep, Carnivore does (it still exists, you know), most interesting non-encrypted services. As I mentioned previously, it's impossible for it to do SSL services. And I really can't see why telecoms would spend so much (and it would be a LOT) monitoring their customers when no legal requirement exists to do so and they'd miss most interesting stuff anyway

FBI claim to have discontnuted Carnivore. I didn't say there was no legal requirement just that its unclear. The intresting stuff isn't always encrypted btw. Google searches can be very intresting.

rsynnott

Rew wrote:

Or one big dedicated bit of hardware. With telco stuff u cannt think in terms of PC's.

This is one big machine which can process tens of gigabits per second, yes? Know you of such a machine?

Rew

One of these will do firewall and IDS at 1-2 Gbps with up to 1/2 mil concurent sessions.

http://www.juniper.net/products/integrated/dsheet/110035.pdf

Rew

Anyway, the big problem isn't the tracking/logging of data its the storage of the logs. That would be the big limiting factor in any setup.

rsynnott

Rew wrote:

One of these will do firewall and IDS at 1-2 Gbps with up to 1/2 mil concurent sessions.

http://www.juniper.net/products/integrated/dsheet/110035.pdf

Hmm, nice, but I don't think it does what you want. As far as I can see it simply does deep inspection of a few protocols looking for attacks; that's a far cry from logging them all.