Sunday, June 3, 2012

Network Monitoring at Home for Fun and Profit (Part II)

This is pretty complicated stuff, so I'm going to start out with a fairly long-winded and familiar analogy. If you're already well-versed in terms like MAC addresses and ARP caches, and the challenges of port mirroring, feel free to skip this part. Or not. You might learn something. I sure did. :-)

To expand on a time-honored metaphor often taught in computer networking classes, imagine that your home network is the postal service. It's the postal service's job to sort and deliver mail to the appropriate recipient, presumably at their home address. The postal service employs mail carriers to physically shuffle millions of properly addressed, stamped, and postmarked envelopes around the country to wherever they need to go each day.

The carriers' job doesn't involve a lot of deep thought, but it does require excellent memory. In fact, excellent is an understatement. The employees of this fictitious postal service must all be blessed with flawless photographic memory. Worse, their supervisors offer them minimal training before sending them out to perform their daily tasks. They are deployed into unfamiliar areas, without the aid of maps or GPS navigation, and they must explore and learn their assigned delivery routes completely on their own. The carriers have to remember where people live by memorizing the location of each and every mailbox the very first time they have to deliver a letter addressed to someone new.

Let's say Johnny Smith has gotten himself into Big Trouble with the Law, and the Feds decide they'd like to start receiving an exact copy of every piece of mail sent or received by Johnny. The Feds go to the local postmaster and hatch a plan: Agents posing as mail sorters at the post office would secretly open and painstakingly duplicate all letters addressed to or from Mr. John Smith, down to the stamps and the postmarks, and then re-seal everything back up in duplicate, identical envelopes. Both letters would be placed into the same outgoing basket for delivery by the same carrier the next morning -- one copy intended for Johnny, and the other for the Feds' secret stakeout location a mile down the road from Johnny's house.

Unfortunately, Johnny's mail carrier never got the memo informing him about the postmaster's clandestine arrangement with the Feds. He shows up for work, picks up his basket of letters for the day, and goes about his delivery route. When he arrives at Johnny's house, he finds two identical envelopes, both addressed to Johnny. Figuring that it must be some kind of sorting error, and not wanting to return to the post office with undelivered mail, he puts one envelope in Johnny's mailbox and throws the other one away. This keeps on happening, and he continues throwing away the duplicate letters, because he was never instructed to send them to the Feds, nor had he made a delivery to their address before.

Eventually, the Feds start to wonder why they're not getting their copies of Johnny's allegedly-incriminating mail. They go back to the post office and talk to the Agents about the specifics of their plan, and realize its fatal flaw. If their surveillance activities are to stay under wraps, they can't tell the mail carriers what they're up to. On the other hand, if they don't let them in on the scheme, they'll never get to inspect Johnny's mail, because the carrier would always throw away the duplicate copies... right?

Then it dawns on one of them. What if we send the letters out using two different carriers, covering two separate routes, so that neither of them would end up having to wonder what to do with an abundance of duplicate envelopes? The second carrier would actually be an Agent in disguise, who knows to always deliver mail addressed to Johnny to the Feds' stakeout location instead. Their new plan works perfectly, so now the Feds get to read all of Johnny's mail, and nobody is the wiser.
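To make the analogy concrete, here is a toy learning switch in Python. This is an added example and not code from the original post or from Project High Life / WRT-SPAN; it assumes the mapping that the carrier's memory is a switch's MAC address table (learned from source addresses, one entry per first-seen sender), a letter is an Ethernet frame, a delivery route is a switch port, and the Feds' stakeout is a monitoring host on a separate port. The MAC addresses, port names and payloads are made up for the example. `naive_mirror` plays out the first plan, where the duplicate carries Johnny's MAC and so lands on Johnny's port, and `mirror_via_second_carrier` plays out the second plan, where the copy is handed to a separate switch whose table steers Johnny's address to the monitor port.

```python
"""Toy learning switch, modelling the mail-carrier analogy above.

Added example, not code from the original post or from Project High
Life / WRT-SPAN. Assumed mapping: the carrier's memory is a switch's
MAC address table, a letter is an Ethernet frame, a route is a switch
port, and the Feds' stakeout is a monitoring host on a separate port.
All MAC addresses, port names and payloads are made up for the example.
"""
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
JOHNNY = "02:00:00:00:00:01"    # made-up MAC of the monitored host
SENDER = "02:00:00:00:00:02"    # made-up MAC of whoever writes to Johnny
MONITOR = "02:00:00:00:00:03"   # made-up MAC of the monitoring host
LETTER = "allegedly incriminating letter"


class LearningSwitch:
    """Forwards frames by destination MAC; learns which port each source MAC is behind."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                 # mac -> port, learned from source addresses
        self.egress = defaultdict(list)     # port -> frames that left through that port

    def receive(self, in_port, src, dst, payload):
        """Handle one frame arriving on in_port; return the ports it was sent out of."""
        # Learn on the source address: 'this sender lives behind in_port'
        # (the carrier memorising a mailbox the first time he sees it).
        self.mac_table[src] = in_port
        if dst in self.mac_table:
            out_ports = [self.mac_table[dst]]                    # known destination: one port
        else:
            out_ports = [p for p in self.ports if p != in_port]  # unknown or broadcast: flood
        for port in out_ports:
            self.egress[port].append((src, dst, payload))
        return out_ports

    def count_on(self, port, payload):
        """How many frames carrying `payload` left through `port`."""
        return sum(1 for (_, _, p) in self.egress[port] if p == payload)


def _populate(sw, hosts):
    """Let each (mac, port) host send one broadcast so the switch learns where it lives."""
    for mac, port in hosts:
        sw.receive(port, mac, BROADCAST, "hello")


def naive_mirror():
    """One carrier: the duplicate is addressed to Johnny, so it goes wherever Johnny is."""
    sw = LearningSwitch(["p1", "p2", "p3"])
    _populate(sw, [(SENDER, "p1"), (JOHNNY, "p2"), (MONITOR, "p3")])
    sw.receive("p1", SENDER, JOHNNY, LETTER)   # the real letter
    sw.receive("p1", SENDER, JOHNNY, LETTER)   # the Feds' copy, same destination MAC
    return {"johnny_got": sw.count_on("p2", LETTER),
            "monitor_got": sw.count_on("p3", LETTER)}


def mirror_via_second_carrier():
    """Two carriers: the copy goes to a second switch whose table sends 'Johnny' to the stakeout."""
    carrier = LearningSwitch(["p1", "p2"])
    _populate(carrier, [(SENDER, "p1"), (JOHNNY, "p2")])
    agent = LearningSwitch(["q1", "q2"])       # the agent in disguise
    agent.mac_table[JOHNNY] = "q2"             # static entry: mail for Johnny -> monitor port
    carrier.receive("p1", SENDER, JOHNNY, LETTER)   # original, delivered normally
    agent.receive("q1", SENDER, JOHNNY, LETTER)     # copy, steered to the monitor
    return {"johnny_got": carrier.count_on("p2", LETTER),
            "monitor_got": agent.count_on("q2", LETTER)}


if __name__ == "__main__":
    print("single carrier:", naive_mirror())
    print("second carrier:", mirror_via_second_carrier())
```

One difference from the story is worth noting: a real switch does not throw the duplicate away, it delivers both frames to Johnny's port and leaves it to Johnny's host to cope with the repeat. Either way the monitor port never sees the copy, which is the point the analogy is making, and it is why the copy has to travel a separate forwarding path with its own idea of where "Johnny" lives.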

This creative solution is precisely what makes Project High Life / WRT-SPAN special.
