Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Carnivor & Lantern

  1. #1
    Forgotten Ghost RogueSpy's Avatar
    Join Date
    Aug 2001
    Location
    Cyberspace
    Posts
    783

    Angry Carnivor & Lantern

    Well people. . . . looks like we cant trust NAV any more. . . They have stated that they will not be adding the Government's Carnivor & Lantern programs to their list of known viri & trojans. . . But there is one AV that will. . . Its name is SOPHOS.
    Download it here

    This will detect Carn & lantern. . . . Enjoy. . . any feedback welcome.
    "Never give in-never, never, never, in nothing great or small, large or petty, never give in to convictions of honor and good sense. Never yield to force; never yield to the apparently overwhelming might of the enemy!" - Winston Churchill

  2. #2

    hmm...

    The carnivore box consists of:

    - Commercial off the shelf windows nt or win 2000 with 128-megabytes of RAM, a Pentium III processor, 4-18 GB on the HD, and a 2 gig jaz drive.

    - Carnivore is written in C++

    - the Carnivore box has no TCP/IP stack so it cannot be hacked from the internet

    - a hardware authentication device is used so ISP personnel cannot access Carnivore.

    - a network isolation device which prevents the box from transmitting even if a hacker got access to the box.

    I highly doubt that there is any software that can detect Carnivore mainly because it has no TCP/IP stack and because of the network isolation device.

    my information came from www.robertgraham.com/pubs/carnivore-faq.html

  3. #3

    and...

    Carnivore isn't a virus or a trojan...it's just a box like I said before...I dunno what lantern is though.

  4. #4
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Pretty good stuff, I'm in the process of checking it out now.
    I like NAV but I also like my privacy a little bit more than worrying about virii being installed/etc on my machines. Now is the time to learn how to network through routers and other methods to keep the 'internet -> pc' down to a minimum.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #5
    Junior Member
    Join Date
    Dec 2001
    Posts
    15
    <p3ace>
    So, vorlin, are you saying there is a way to network through routers and other methods to keep the 'internet -> pc' down to a minimum? Explain theory please...do you mean we can talk (tcp/ip)without the ISP?
    ...then...
    Will ISP's be obligated to submit their traffic to the feds like they do in russia? That will suk

    just talking, I hope I don't sound stupid for asking this stuff. I'd rather know what I don 't know, than not ever know all the stupid stuff I never learned.
    </P3ace/out/>
    Half the world is composed of people who have something to say and can\'t, and the other half who have nothing to say and keep on saying it.

  6. #6
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Sorry for the confusion but no, TCP/IP can't be bypassed (as that's the base for most internet traffic, with UDP in there as well). I was simply trying to state that keyloggers and such are less effective (to a degree) when dealing with a router and such. Here's the information I believe is correct for their operation:

    1: keylogger programs have to have a port opened for them to be able to transfer the data collected. This can be circumvented by closing the port. A way around that could be them picking a random port above 1023 and lower than 65535. Lot of ports, you get the picture.

    2: the amount of data collected via these keyloggers will be so huge, they'd need a dedicated datacenter just for the dissemination of this data. Not to mention, a LOT of people are serious users and transmit ungodly amounts of traffic every hour...not even including gamers like myself (I can see the FBI knocking on a door because of a traffic-intercept saying that "They should've thrown a grenade through the door", not realizing the kid plays RTCW/CS/etc). This is much akin to phone-tapping every house.

    The best way to have a network set up is to have your cable/dsl connected to a router w/ hardware firewall (such as a Linksys or DLink), make sure the firmware is updated, and then install something like Zonealarm (Click here ) on every machine (windows) OR you could have a linux box running ipchains (Intro & Tutorial , another great site for ipchains setup ) as well as DHCP (ISC's page) so that your PCs can get dynamic IPs (and God knows you don't want to use bootp, hehe).
    Disclaimer: this is my humble opinion, and doesn't reflect those of much more knowledge on here...

    The 'internet->pc' should have been 'internet -> isp -> pc' which means direct connect to the internet, a bad way to fly...

    Hope this clarifies a little bit (and I need to clarify when posting at 10 or so at night after 15 hours of work).
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Lantern is basically a key stroke recorder and trojan, its been used by the fbi as evidence in a couple of hacker cases so far. it can be reverse engineered like anything else and used by the bad guys. the fbi havn't always proved to be the good guys anyway.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Carnivore is not a key logger like lantern. And Carnivore isn't installed on a computer like a virus or trojan horse. Some functions of Carnivore when it is used include:

    - capturing all email headers going to and from an email account, but not the actual contents of the email.

    - list all servers that the suspect accesses, but doesn't capture the content of the servers.

    - track everyone who visits/accesses a website or ftp files

    - track all web pages or ftp files the suspect accesses.

    Carnivore is basically a packet sniffer. It just saves copies of specific packets; it doesn't interrupt any of the transportation of information through the internet.

    And if anybody thinks that Carnivore grabs all data on a network, even the data of innocent people, you are mistaken. Carnivore follows strict email transfer protocols and only examines specific fields.

    There are some problems with Carnivore, however. Such as the FBI won't release the source code to it and that the FBI says they are under a commercial contract not to release the code. If they are under contract, then there must be severe problems with the code because the FBI obviously can't write the program themselves lol. There are also other programs like Carnivore (packet sniffers), that are more fierce and can do more than Carnivore. TCPDUMP, for example, can do exactly the same thing as Carnivore...except that TCPDUMP is installed on a system with a TCP/IP stack, whereas Carnivore is not.

    www.robertgraham.com/pubs/carnivore-faq.html

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    183

    carnivore

    There was an extremely interesting article in 2600's last fall issue about carnivore. It sounds like carnivore isn't as big as a threat as I thought it would be a year ago when i first heard about it. Apparently, like Nitro said, it is pretty much a box, although I had no idea what OS it ran-before Nitro's post-I figured it probably ran some flavor of *nix. I have a few friends that work at a local isp-www.onlyinternet-I asked them about carnivore and they never even heard about it.....
    “People don’t talk about anything.” [Clarisse]
    “Oh, they must!” [Guy]
    “No, not anything. They name a lot of cars or clothes or swimming pools mostly and say how swell! But they all say the same things and nobody says anything different from anyone else. And most of the time in the cafes they have the joke-boxes on and the same jokes most of the time, or the musical wall lit and all the colored patterns running up and down, but it’s only color and all abstract. And at the museums, have you ever been? All abstract. That\'s all there is now...\"
    -A conversation with Clarrise McClellan and Guy Montag from Fahrenheit 451

  10. #10
    Senior Member
    Join Date
    Aug 2001
    Posts
    485
    In reply to Whit3Speic
    ==============================================Will ISP's be obligated to submit their traffic to the feds like they do in russia? That will suk
    ==============================================
    Well, I'd be very careful if you route any traffic via an ISP located in the UK. The legislation here in the UK (the RIP bill) is that ISPs must retain records of traffic activity for 7 years, and copies of all emails for one month. They can be retreived by the UK government without having to provide any reason (i.e. no legal authority required). The current legislation that the UK goverment is trying to push through ("anti terrorist legislation") would require all ISPs to store copies of all emails for 7 years.
    Personally, I've no objection to goverments acting against known or suspected terroists, but I think this is setting a dangerous precedent in giving a government such wide ranging powers, as they can be abused.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •