From: Andrew Lowenstern <andrew_loewenstern@il.us.swissbank.com>
To: perry@imsi.com
Message Hash: 842c7543d3bb94b8dbf42fc1e770dcaf9a5591caae5c8711d1ea55507563f894
Message ID: <9501261922.AA07092@ch1d157nwk>
Reply To: N/A
UTC Datetime: 1995-01-26 19:24:06 UTC
Raw Date: Thu, 26 Jan 95 11:24:06 PST
Subject: Re: Reordering, not Latency (Was: Re: Remailer)
> Adam Shostack says:
> > It may be that the FBI has a couple of Suns handling the whole
> > remailer network right now.

Perry Metzger replies:
> If they are doing that, they are violating the ECPA. They are
> allowed to monitor only those things they have a warrant to monitor
> (with, of course, all those lovely National Security exceptions).
> This is not to say that it isn't being done, but it can't be used
> in court.

Is this even technically possible? That is, wholesale monitoring of
disparate portions of the net from a single access point. Given the
distributed and dynamic properties of the Net this would seem impossible. To
monitor the entire remailer network an attacker would have to set up packet
sniffers upstream from each and every portion of the Net that contained a
remailer, wouldn't they?

I suppose an extremely resourceful attacker could monitor traffic at crucial
points (i.e. transcontinental feeds, points on the NSFnet, CIX, etc...), but
there are so many private connections linking networks that it would be very
difficult indeed to sniff out every bit of remailer traffic. Is having every
bit of remailer traffic necessary for traffic analysis? Or would having a
good percentage of it be sufficient?

andrew