[122042] in North American Network Operators' Group


Re: lawful intercept/IOS at BlackHat DC, bypassing and

daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Feb 4 15:29:48 2010

In-Reply-To: <4B6B2BD1.7010300@linuxbox.org>
Date: Thu, 4 Feb 2010 15:27:15 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Gadi Evron <ge@linuxbox.org>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco's architecture for lawful
> intercept and explain the approach a bad guy would take to getting
> access without authorization. I'll identify several aspects of the
> design and implementation of the Lawful Intercept (LI) and Simple
> Network Management Protocol Version 3 (SNMPv3) protocols that can be
> exploited to gain access to the interface, and provide recommendations
> for mitigating those vulnerabilities in design, implementation, and
> deployment."


this seems like much more work than matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"

<http://www.crypto.com/blog/calea_weaknesses/>

Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.

-chris

