[167800] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Michael Thomas)
Mon Dec 30 11:12:09 2013
Date: Mon, 30 Dec 2013 08:11:32 -0800
From: Michael Thomas <mike@mtcc.com>
To: nanog@nanog.org
In-Reply-To: <9B3DCE32-A71C-4DD1-8B63-2FCE83A5F520@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 12/30/2013 08:03 AM, Dobbins, Roland wrote:
> On Dec 30, 2013, at 10:44 PM, <Valdis.Kletnieks@vt.edu> <Valdis.Kletnieks@vt.edu> wrote:
>
>> What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelihood that said support is misconfigured and abusable without being noticed?
> AFAIK, it must be explicitly enabled in order to be functional. It isn't the sort of thing which is enabled by default, nor can it be enabled without making explicit configuration changes.
>
>
Also, the way that things are integrated it's usually an explicit
decision to pull a piece of functionality in rather than inheriting it.
Product managers don't willingly want to waste time pulling things in
that a) don't make them money, and b) require support. So I doubt very
seriously that CALEA functionality is accidentally included into
inappropriate things. Doubly so because of the performance implications.
Mike