NSA able to compromise Cisco, Juniper, Huawei switches

Warren Bailey wbailey at satelliteintelligencegroup.com
Mon Dec 30 16:38:10 UTC 2013

We had a hell of a time finding anything that supported the calea stuff past a 7206. This was for an in flight global wifi network, hence my original concern. Also note that when we did get it to work, it pretty much didn't. Or I should say.. It worked when it wanted to.

How they are mapping pnr to user sessions is beyond me. In our case all of our aaa was being done by a German partner, which further complicated matters. I always assumed they had our traffic via listening stations but they weren't getting it from us. I no longer have a hand in that network, but I am honestly shocked this morning.

Sent from my Mobile Device.

-------- Original message --------
From: Valdis.Kletnieks at vt.edu
Date: 12/30/2013 6:48 AM (GMT-09:00)
To: "Dobbins, Roland" <rdobbins at arbor.net>
Cc: "nanog at nanog.org list" <nanog at nanog.org>
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches

On Mon, 30 Dec 2013 14:34:52 +0000, "Dobbins, Roland" said:

> My assumption is that this allegation about Cisco and Juniper is the result
> of non-specialists reading about lawful intercept for the first time, and
> failing to do their homework.

That does raise an interesting question. What percentage of Cisco gear
that supports a CALEA lawful intercept mode is installed in situations where
CALEA doesn't apply, and thus there's a high likelyhood that said support
is misconfigured and abusable without being noticed?

More information about the NANOG mailing list