[c-nsp] IOS and CALEA intercepts?

Frank Bulk frnkblk at iname.com
Thu Jan 25 01:31:28 EST 2007


Based on the various CALEA presentations I have seen from our consultant,
upstream internet provider, NECA, and others, it seems that at the end of
the day LEA is looking for best-effort and smart capturing.  So if you can
do it via SII, great, but if the network device can only do port spanning
and that feeds into a "mediation device", that's OK, too.  If you use DHCP
to provide IP addresses to your users and can extend the lease so that it
doesn't change for a long time, perfect.  If you need to do it via some
other kind of mechanism, that's fine, too.  If the LEA needs to capture some
traffic and you have OC-3 terminated connections on your 7200 and there's
the possibility that the target might be communicating with a co-conspirator
who is also terminated on that 7200 such that you can't easily mirror the
traffic, you might need to break out an OC-3 probe to capture the necessary
traffic.  But if it's all upstream from the 7200 then an Ethernet probe
might suffice.

So at the end of the day it seems very pragmatic -- following the order, of
course, but doing what it needs to take, within reason, to get the job done.

Does anyone have impressions that indicate otherwise?

Frank

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Justin Shore
Sent: Wednesday, January 24, 2007 6:48 PM
To: Eric Helm; david raistrick
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] IOS and CALEA intercepts?

From having done a marginal amount of research on the topic I see the
documentation make frequent reference to a "mediation device."  I was
under the impression that you simply matched the target's traffic with
an ACL and used the LI commands to copy that traffic to the LEA over the
network.  Is a "mediation device" required for LI?  The docs imply that
the mediation device matches the CALEA request with the target by way of
AAA.  What if the user doesn't have to auth to get onto the network?
For example, what do ISPs do that use RBE instead of PPPoE/A?  This is an
interesting discussion.

Thanks
Justin


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Eric Helm
Sent: Wednesday, January 24, 2007 4:44 PM
To: david raistrick
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] IOS and CALEA intercepts?


A vendor that uses SS8 Networks for the CALEA function recommended a
feature called Service Independent Intercept
(http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a008060dece.html).

Feature Navigator lists the AS5350/5400/5850, 7200, 7100, 10000, and
3660 as supported platforms.

