5 comments

[ 2.6 ms ] story [ 18.5 ms ] thread
OP here. This is a Reddit IAmA thread where a guy is claiming he writes covert software that allows ISPs and governments to snoop Internet traffic in real time. I found this discussion fascinating and horrifying at the same time.

Assuming this guy isn't a troll, what do you think about the claims he's making? Do you think hardware/software combos like this exist?

of course it's possible. isp's require equipment like this to troubleshoot problems and detect/isolate denial of service attacks.

i used to work at an isp and built two sniffers like that that were used on a per-incident basis to watch traffic going to certain places (usually all traffic to and from a particular colocated server). in my case the devices weren't anything more than openbsd servers with tcpdump, snort, and other pcap utilities, but at larger isp's they would use something more proprietary to handle larger amounts of traffic. i'm sure if we had a good reason to we could have just left them on all the time and used something like snort or another deep packet inspector to trigger alerts on certain traffic.

It wouldn't be that surprising.

You put together custom regex-processing silicon (eg: what Tarari used to make) and related hardware (eg: entropy calculators, that kind of thing) and mix in various types of content-addressed memory and you could get some nutty performance #s on specialized tasks like what's discussed there.

I got a call from Time Warner Cable a few months back saying that they detected traffic on my modem at 6:14am that morning that matched a known worm/virus (forgot the name, but they mentioned it specifically). Sure enough, a friend was staying over, and his laptop was infected with that same virus. Who knows how thorough their monitoring is, but I wouldn't say it's impossible that they can snoop in real time.

I don't know that they

(comment deleted)