lawful intercept/IOS at BlackHat DC, bypassing and recommendations

Tony Varriale tvarriale at comcast.net
Thu Feb 4 21:44:08 UTC 2010


Would you mind passing along a source/link on the 15kpps?  I haven't seen 
that number yet.

tv
----- Original Message ----- 
From: "Christopher Morrow" <morrowc.lists at gmail.com>
To: "Gadi Evron" <ge at linuxbox.org>
Cc: "NANOG" <nanog at nanog.org>
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and 
recommendations


On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge at linuxbox.org> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the 
> associated paper. I plan to review Cisco’s architecture for lawful 
> intercept and explain the approach a bad guy would take to getting access 
> without authorization. I’ll identify several aspects of the design and 
> implementation of the Lawful Intercept (LI) and Simple Network Management 
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access 
> to the interface, and provide recommendations for mitigating those 
> vulnerabilities in design, implementation, and deployment."


this seems like much more work than Matt Blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"

<http://www.crypto.com/blog/calea_weaknesses/>

Also, Cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.

-chris




