[167805] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (Warren Bailey)
Mon Dec 30 11:38:30 2013
From: Warren Bailey <wbailey@satelliteintelligencegroup.com>
To: "Valdis.Kletnieks@vt.edu" <Valdis.Kletnieks@vt.edu>, "Dobbins, Roland"
<rdobbins@arbor.net>
Date: Mon, 30 Dec 2013 16:38:10 +0000
In-Reply-To: <152239.1388418248@turing-police.cc.vt.edu>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Reply-To: Warren Bailey <wbailey@satelliteintelligencegroup.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We had a hell of a time finding anything that supported the calea stuff pas=
t a 7206. This was for an in flight global wifi network, hence my original =
concern. Also note that when we did get it to work, it pretty much didn't. =
Or I should say.. It worked when it wanted to.
How they are mapping pnr to user sessions is beyond me. In our case all of =
our aaa was being done by a German partner, which further complicated matte=
rs. I always assumed they had our traffic via listening stations but they w=
eren't getting it from us. I no longer have a hand in that network, but I a=
m honestly shocked this morning.
Sent from my Mobile Device.
-------- Original message --------
From: Valdis.Kletnieks@vt.edu
Date: 12/30/2013 6:48 AM (GMT-09:00)
To: "Dobbins, Roland" <rdobbins@arbor.net>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches
On Mon, 30 Dec 2013 14:34:52 +0000, "Dobbins, Roland" said:
> My assumption is that this allegation about Cisco and Juniper is the resu=
lt
> of non-specialists reading about lawful intercept for the first time, and
> failing to do their homework.
That does raise an interesting question. What percentage of Cisco gear
that supports a CALEA lawful intercept mode is installed in situations wher=
e
CALEA doesn't apply, and thus there's a high likelyhood that said support
is misconfigured and abusable without being noticed?
