19 May
2008
19 May
'08
11:07 a.m.
Florian Weimer wrote:
| Network administrators are not able to observe Lawful Intercept is | enabled. No Lawful Intercept program messages or error messages are ever | displayed on the console.
<http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/lawf_int.html>
This is a Sony-style rootkit, but it certainly demonstrate that the concept is feasible (surprise).
Eh, it's a little misleading. Every Net admin knows when Lawful Intercept is activated on their router. The processor utilization takes a major spike. What it's doing might not be known, though umm, even intercept traffic itself can be intercepted or redirected through portions of the network where it can be intercepted. ;) Jack