We had a hell of a time finding anything that supported the calea stuff past a 7206. This was for an in flight global wifi network, hence my original concern. Also note that when we did get it to work, it pretty much didn't. Or I should say.. It worked when it wanted to. How they are mapping pnr to user sessions is beyond me. In our case all of our aaa was being done by a German partner, which further complicated matters. I always assumed they had our traffic via listening stations but they weren't getting it from us. I no longer have a hand in that network, but I am honestly shocked this morning. Sent from my Mobile Device. -------- Original message -------- From: Valdis.Kletnieks@vt.edu Date: 12/30/2013 6:48 AM (GMT-09:00) To: "Dobbins, Roland" <rdobbins@arbor.net> Cc: "nanog@nanog.org list" <nanog@nanog.org> Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches On Mon, 30 Dec 2013 14:34:52 +0000, "Dobbins, Roland" said:
My assumption is that this allegation about Cisco and Juniper is the result of non-specialists reading about lawful intercept for the first time, and failing to do their homework.
That does raise an interesting question. What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelyhood that said support is misconfigured and abusable without being noticed?