NSA able to compromise Cisco, Juniper, Huawei switches

Michael Thomas mike at mtcc.com
Mon Dec 30 16:11:32 UTC 2013


On 12/30/2013 08:03 AM, Dobbins, Roland wrote:
> On Dec 30, 2013, at 10:44 PM, <Valdis.Kletnieks at vt.edu> <Valdis.Kletnieks at vt.edu> wrote:
>
>> What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelyhood that said support is misconfigured and abusable without being noticed?
> AFAIK, it must be explicitly enabled in order to be functional.  It isn't the sort of thing which is enabled by default, nor can it be enabled without making explicit configuration changes.
>
>

Also, the way that things are integrated it's usually an explicit 
decision to pull a piece of functionality
in rather than inheriting it. Product managers don't willingly want to 
waste time pulling things
in that a) don't make them money, and b) require support. So I doubt 
very seriously that CALEA
functionality is accidentally included into inappropriate things. Doubly 
so because of the performance
implications.

Mike



More information about the NANOG mailing list