[AusNOG] Wifi Security and Interception

Curtis Bayne curtis at bayne.com.au
Wed Jun 9 15:27:02 EST 2010


FWIW, I am not sure about other ISPs, but I do not allow contractors or engineers to do PCap on our network without it being done on our own hardware - this runs deep freeze so we cannot store personal information between reboots and the machine never leaves an employee's sight.

This kinda stuff is too serious to take lightly.


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net on behalf of David Connors
Sent: Wed 6/9/2010 3:15 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Wifi Security and Interception
 
On 9 June 2010 13:20, Richard Pruss <ric at cisco.com> wrote:

> Way out of my narrow area of expertise here
>

So am I but that does not appear to be stopping everyone else from
interpreting the law or offering opinions. I am eminently unqualified to
comment and so shall pile on.


> I have a few fumbling basic questions here.  How much of network
> Ethernet/WiFi/L2/L3/L4-L7 do you feel is covered by the TIA?
>

[ ... ]


> If INTENDED RECIPIENT does not include anything that can get and one
> expects to forward/drop on the message, a lot of things networks regularly
> do become implicated and possibly "BAD".
>

So the elephant in the room no one is talking about is the fact that ISPs
and network providers do promiscuous packet captures every day of the week
on wired networks that customers presume to be secure. I'd venture that if
you went and had a look at the file servers/laptops of network engineers at
nearly every ISP/hoster/whatever on this list you would find that there is a
pcap or three laying around that contains more data than was needed or
intended - maybe even personally identifiable information and so on.

I'm not all that sure there is too much difference between a network
provider collecting my PII and storing it on an engineer's laptop just
because my personal data happened to transit their IX while they were
analysing or debugging something - and what Google did (except in the Google
case there is *some* negligence on my part for not having my wifi
encrypted).

Meanwhile, Conroy births another half-a-dozen kittens carrying on about how
Google *deliberately wrote* software to collect all of this data. "Eric
Schmidt says Google loves cash!!", and other non sequiturs he barks at the
Senate, as if to show the horrid depths of their packet snaffling depravity.

Sheesh. Give me a break and get out your Occam's razor. The most likely
scenario is that some poor sod at Google uses tcpdump or knocks up something
using libpcap and runs it on 11-13 radio interfaces in promiscuous mode and
collects a heap of stuff driving 'round (hard disks are cheap compared to
driving around the world AGAIN if you didn't get all the data you need).  The
intention would be to analyse it later to generate the necessary data to
support W3C location support back in the office. Network engineers do
promiscuous packet captures all the time. Grab all the data - more the
better - when you can - and pore over it back in the office to get whatever
the required outcome is. They might even keep the original captures around
to re-run their analysis later to prove other assumptions/etc.

I have never seen anyone carefully exclude errant HTTP traffic from their
captures before analysis (in the interests of privacy, the law, or anything
else).

Unfortunately for Google, they are one of the new whipping boys of privacy
on the Internet. If the AFP decided to randomly raid a bunch of ISPs they
would find all sorts of packet captures in tmp directories and backup tapes
containing all sorts of data to which the ISP is not entitled.

Conroy has a bug up his proverbial and wants to discredit Google as if that
will somehow bolster his position on the mandatory filter. He gets a few
rants in the press/senate. A bunch of people pile on in some sort of
half-cocked conspiracy theory that Google is going to make off with the fact
I was on Facebook when they drove past my house on the 23rd of April last
year and captured data for the 15 seconds they were in range.

He has more important things to worry about - like the 20 000 scams and
spams coming through the ... ummm ... portal.

$0.022 inc GST

-- 
David Connors (david at codify.com)
Software Engineer
Codify Pty Ltd - www.codify.com
Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363
V-Card: https://www.codify.com/cards/davidconnors
Address Info: https://www.codify.com/contact
