NSA able to compromise Cisco, Juniper, Huawei switches

Michael Thomas mike at mtcc.com
Mon Dec 30 16:11:32 UTC 2013

On 12/30/2013 08:03 AM, Dobbins, Roland wrote:
> On Dec 30, 2013, at 10:44 PM, <Valdis.Kletnieks at vt.edu> <Valdis.Kletnieks at vt.edu> wrote:
>> What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelyhood that said support is misconfigured and abusable without being noticed?
> AFAIK, it must be explicitly enabled in order to be functional.  It isn't the sort of thing which is enabled by default, nor can it be enabled without making explicit configuration changes.

Also, the way that things are integrated it's usually an explicit 
decision to pull a piece of functionality
in rather than inheriting it. Product managers don't willingly want to 
waste time pulling things
in that a) don't make them money, and b) require support. So I doubt 
very seriously that CALEA
functionality is accidentally included into inappropriate things. Doubly 
so because of the performance


More information about the NANOG mailing list