[122051] in North American Network Operators' Group


Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

daemon@ATHENA.MIT.EDU (Tony Varriale)
Thu Feb 4 16:45:05 2010

From: "Tony Varriale" <tvarriale@comcast.net>
To: "NANOG" <nanog@nanog.org>
Date: Thu, 4 Feb 2010 15:44:08 -0600
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Would you mind passing along a source/link on the 15kpps?  I haven't seen 
that number yet.

tv
----- Original Message ----- 
From: "Christopher Morrow" <morrowc.lists@gmail.com>
To: "Gadi Evron" <ge@linuxbox.org>
Cc: "NANOG" <nanog@nanog.org>
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations


On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge@linuxbox.org> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the 
> associated paper. I plan to review Cisco’s architecture for lawful 
> intercept and explain the approach a bad guy would take to getting access 
> without authorization. I’ll identify several aspects of the design and 
> implementation of the Lawful Intercept (LI) and Simple Network Management 
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access 
> to the interface, and provide recommendations for mitigating those 
> vulnerabilities in design, implementation, and deployment."


this seems like much more work than matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"

<http://www.crypto.com/blog/calea_weaknesses/>

Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.

-chris


