Re: frame question -- JAVA400-L

At 06:54 PM 11/13/97 -0500, you wrote:
>-----Original Message-----
>From: DAsmussen@aol.com <DAsmussen@aol.com>
>To: JAVA400-L@midrange.com <JAVA400-L@midrange.com>
>Date: Thursday, November 13, 1997 7:59 AM
>Subject: Re: frame question
>
>
><snip>
>>came from there, after monitoring traffic on _your_ server so they can pop
>up
>>a quick message like "For verification purposes, what was that credit card
>>number/password, again please?").
><snip>
>
>Hold on a sec. Let us look at the packet flow of a connection:
>1) I connect to my ISP using my house phone line
>2) I send my ISP a packet. (containing my credit card number)
>3) The packet gets forwarded to my ISP's provider via T1, T3 or other
>dedicated cable.
>4) The packet travels on the backbone on fiber or really big cable.
>5) The packet arrives at the Vendor's provider
>6) The vendor's provider send to the packet to the vendor.
>7) Done.
>
>Notice that my packet does NOT get sent to anyone else dialed into my ISP.

Walden,

In between steps 2 and 7 your packet gets sent a whole bunch of places.  The
nature of network traffic is that it is broadcasted across the internet and
many, many pieces of equipment see those packets (sure, their is routing
equipment that prevents the whole world from seeing every single packet, but
most packets are flung quite braodly).  If everybody behaves themselves,
then only your recipient actually retrieves the packet body and reads the
message, but not everybody always behaves themselves.

A formoer co-worker of mine started up his own ISP a few years ago.  I have
never been impressed with this man's integrity, so it gives me the absolute
willies to think about trusting my data to him.  Unfortunately, their are
people like him all over the net, and the policing is awfully sparse.

jte


>Now, where can someone "watch" my data? I doubt that anyone has the ability
>to hook into MCI's fiber between NY and Denver. And if they do, getting my
>lowly credit card number is the last thing on their mind. They could hook in
>between the vendor's provider and the vendor, but again that would require
>high-end equipment, not something your average credit card thief would have.
>So, if they are going to hook in, it would probably be between my house and
>my ISP. What a waste of time, the chances that a thief would ever find
>anyone online are pretty small, and even if they did, they would have tapped
>in during a computer conversation. They would need a good amount to
>equipment to interpret the data stream.
>
>On the other hand... You could walk into the switching station outside LL
>Bean w/a hard hat, a clipboard and a telephone handset and listen to a
>verbal communication very easily. As I see it sending credit card numbers
>via the internet is safer than the voice calls I used to make.
>
>JMHO,
>-Walden
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to "JAVA400-L@midrange.com".
>| To unsubscribe from this list send email to MAJORDOMO@midrange.com
>|    and specify 'unsubscribe JAVA400-L' in the body of your message.
>| Questions should be directed to the list owner/operator: david@midrange.com
>+---
>umidr
>
>
*********************************
* John Earl                     *
* Lighthouse Software Inc.      *
* 8514 71st NW                  *
* Gig Harbor, WA 98335          *
* 253-858-7388                  *
* johnearl@lns400.com           *
*********************************



+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "JAVA400-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe JAVA400-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com
+---