I'll tell you what, guys...I think THEY means the feds, or the NSA, etc. And yes....THEY can see what you are doing even without a firewall. A firewall is simply a tool to block unwanted traffic. Although it does provide logging capabilities, it is not intended to reconstruct an attack. I have been working in network security for many years now, and I can tell you for a fact that the firewall is not the best place to get information regarding an attack. For one, ports are always left open on a firewall, and many times are not even logged (i.e. HTTP) because logs would be way too large to do anything with.

What we are talking about here goes WAY beyond the realm of the firewall. Don't get me wrong, a firewall plays a critical part in securing your network, but it is not the ultimate solution. Many ISPs capture all traffic going across their networks. These packet captures can be reviewed at any time, and even in real-time to find out everything about what is happening on a network. So if you are port scanning or something like that...it can be traced back to you if it became necessary. Like I said...go to http://www.silentrunner.com and check out the software, you will be in awe when you realize what can be seen by others. For example, SilentRunner can search for key words in real-time packet captures, and can give source IPs, source MAC addresses, and can pinpoint the exact source of an attack. It can also analyze two completely different pictures with different characteristics (like Britney Spears with blonde hair in one with a pink outfit, and with brown hair in another wearing a blue outfit) and can still distinguish the fact that they are both the same person. Now you might not think this is a big deal, but it can do the exact same thing with attack signatures. So it can correlate two different attacks to two different locations, at two different times, and still tell that the attacks are from the same person.

The only thing SilentRunner can't do yet is inspect encrypted traffic....hint....

But that also does not mean that there is not other software out there which we do not know about that can.