NSA able to compromise Cisco, Juniper, Huawei switches
Michael Thomas
mike at mtcc.com
Mon Dec 30 16:11:32 UTC 2013
On 12/30/2013 08:03 AM, Dobbins, Roland wrote:
> On Dec 30, 2013, at 10:44 PM, <Valdis.Kletnieks at vt.edu> <Valdis.Kletnieks at vt.edu> wrote:
>
>> What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelihood that said support is misconfigured and abusable without being noticed?
> AFAIK, it must be explicitly enabled in order to be functional. It isn't the sort of thing which is enabled by default, nor can it be enabled without making explicit configuration changes.
>
>
Also, the way that things are integrated it's usually an explicit decision to pull a piece of functionality in rather than inheriting it. Product managers don't willingly want to waste time pulling things in that a) don't make them money, and b) require support. So I doubt very seriously that CALEA functionality is accidentally included into inappropriate things. Doubly so because of the performance implications.
Mike