Hello All, My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to. Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using. -- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
Are you looking at a Mediation box because you are doing VOIP? Other than Cisco I am familiar with DeepSweep. I have heard of Verint, Utimaco, and Pine Digital. However, no 1st hand knowledge or anything other than passing. :-) Justin -- Justin Wilson <j2sw@mtin.net> Aol & Yahoo IM: j2sw http://www.mtin.net/blog xISP News http://www.twitter.com/j2sw Follow me on Twitter http://www.thebrotherswisp.com/ - The Brothers WISP podcast -----Original Message----- From: Byron Hooper <bhooper@staff.gwi.net> Date: Friday, January 18, 2013 4:52 PM To: <nanog@nanog.org> Subject: CALEA options for small/midsize ISPs
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs Hello All, My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to. Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using. -- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
Another option is the IP traffic export option. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.html Frank -----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Sunday, January 20, 2013 6:34 PM To: Byron Hooper; nanog@nanog.org Subject: RE: CALEA options for small/midsize ISPs We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs Hello All, My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to. Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using. -- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA warrant. Justin -----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 10:31 PM To: 'Warren Bailey' <wbailey@satelliteintelligencegroup.com>, Byron Hooper <bhooper@staff.gwi.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Another option is the IP traffic export option. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.ht ml
Frank
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Sunday, January 20, 2013 6:34 PM To: Byron Hooper; nanog@nanog.org Subject: RE: CALEA options for small/midsize ISPs
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
Our Trusted Third Party (TTP) asked us to IP Traffic Export. As others commented in this forum, the LEAs is not looking for SPs to replace their entire networks to create an ideal CALEA-compliant environment. It's my understanding that LEA will take a Cisco IP Traffic Export flow. Frank -----Original Message----- From: Justin Wilson [mailto:lists@mtin.net] Sent: Sunday, January 20, 2013 9:54 PM To: nanog@nanog.org Subject: Re: CALEA options for small/midsize ISPs I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA warrant. Justin -----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 10:31 PM To: 'Warren Bailey' <wbailey@satelliteintelligencegroup.com>, Byron Hooper <bhooper@staff.gwi.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Another option is the IP traffic export option. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.ht ml
Frank
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Sunday, January 20, 2013 6:34 PM To: Byron Hooper; nanog@nanog.org Subject: RE: CALEA options for small/midsize ISPs
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
I agree with the TTP taking the IP traffic. They simply re-package it for the LEA. It's up to the LEA to take the traffic flow or not. If it's a true CALEA warrant, not a normal wire tap, the defense could argue they did not follow protocol. Justin -----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 11:03 PM To: Justin Wilson <lists@mtin.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Our Trusted Third Party (TTP) asked us to IP Traffic Export. As others commented in this forum, the LEAs is not looking for SPs to replace their entire networks to create an ideal CALEA-compliant environment. It's my understanding that LEA will take a Cisco IP Traffic Export flow.
Frank
-----Original Message----- From: Justin Wilson [mailto:lists@mtin.net] Sent: Sunday, January 20, 2013 9:54 PM To: nanog@nanog.org Subject: Re: CALEA options for small/midsize ISPs
I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA warrant.
Justin
-----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 10:31 PM To: 'Warren Bailey' <wbailey@satelliteintelligencegroup.com>, Byron Hooper <bhooper@staff.gwi.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Another option is the IP traffic export option. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip.h t ml
Frank
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Sunday, January 20, 2013 6:34 PM To: Byron Hooper; nanog@nanog.org Subject: RE: CALEA options for small/midsize ISPs
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
I have yet to see a lot of networks in TRUE compliance with CALEA requirements. Most of the time, it's some intermediate box that is doing a netflow-esque imports from routers that net/j/xyzflow normally. The only issue I/we ever ran into was how to in fact process the LEA request for an actual CALEA intercept (as you pointed out, there are differences). At the end of the day, I'm not totally convinced there is a completely tried and true way to get it out. The burden is on the SP to show some level of compliance, which I think is probably done pretty well at the end of the day. The CALEA equipment is often very expensive, and often the expense is just not feasible to many small to mid sized ISP's. On another note, the CALEA for telephony is absolutely rock solid. They can include Side A and Side B (to show a party was indeed talking on the phone for evidence purposes), they can have the switch center automatically call the LEA to listen in on the conversation in real time. All said, the phone guys have been processing wire taps and LEA requests for years, and do it on a fairly regular basis. I have never actually seen a real life CALEA request for real time interception of data (not saying they don't exist), so I have little experience in actually pressing the button. I think as long as you're showing the local/state/feds that you want to play ball, they take what you give with a smile. I would be curious to see what would happen if a lawful intercept request came through and the service provider refused to process it. I have been a party to many discussions as to the application of CALEA and most people believe (rightly or not) they are not required to comply. On 1/20/13 8:10 PM, "Justin Wilson" <lists@mtin.net> wrote:
I agree with the TTP taking the IP traffic. They simply re-package it for the LEA.
It's up to the LEA to take the traffic flow or not. If it's a true CALEA warrant, not a normal wire tap, the defense could argue they did not follow protocol.
Justin
-----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 11:03 PM To: Justin Wilson <lists@mtin.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Our Trusted Third Party (TTP) asked us to IP Traffic Export. As others commented in this forum, the LEAs is not looking for SPs to replace their entire networks to create an ideal CALEA-compliant environment. It's my understanding that LEA will take a Cisco IP Traffic Export flow.
Frank
-----Original Message----- From: Justin Wilson [mailto:lists@mtin.net] Sent: Sunday, January 20, 2013 9:54 PM To: nanog@nanog.org Subject: Re: CALEA options for small/midsize ISPs
I don't see any mention of CALEA. A traffic dump won't satisfy a CALEA warrant.
Justin
-----Original Message----- From: Frank Bulk <frnkblk@iname.com> Date: Sunday, January 20, 2013 10:31 PM To: 'Warren Bailey' <wbailey@satelliteintelligencegroup.com>, Byron Hooper <bhooper@staff.gwi.net>, <nanog@nanog.org> Subject: RE: CALEA options for small/midsize ISPs
Another option is the IP traffic export option. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_rawip. h t ml
Frank
-----Original Message----- From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com] Sent: Sunday, January 20, 2013 6:34 PM To: Byron Hooper; nanog@nanog.org Subject: RE: CALEA options for small/midsize ISPs
We used Cisco for lawful intercept.. Their mibs are wanky and at the time only the 7206 was support for the LI functionality. Food for thought.
From my Android phone on T-Mobile. The first nationwide 4G network.
-------- Original message -------- From: Byron Hooper <bhooper@staff.gwi.net> Date: 01/20/2013 3:00 PM (GMT-08:00) To: nanog@nanog.org Subject: CALEA options for small/midsize ISPs
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
On 1/20/13, Warren Bailey <wbailey@satelliteintelligencegroup.com> wrote: [snip]
want to play ball, they take what you give with a smile. I would be curious to see what would happen if a lawful intercept request came through and the service provider refused to process it. I have been a
The LEAs might be flexible in how they are willing to take the data. But it would be a very dangerous proposition indeed to outright 'refuse'; I am sure most organizations would be exhausting every reasonable course to satisfy the requirements of the order. Forget about FCC civil penalties: the LEA may start arresting managers responsible for refusal, on the charges of obstruction, due to interfering with an investigation. People might talk about refusing to process a CALEA warrant. IF/when they do receive such a lawful order: I am almost positive they will respond in some way other than a refusal to attempt to comply. So that's probably why it's not likely we will hear of a refusal occuring, at least for a long time
On 1/20/13 8:10 PM, "Justin Wilson" <lists@mtin.net> wrote: [snip] -- -JH
----- Original Message -----
From: "Jimmy Hess" <mysidia@gmail.com>
Forget about FCC civil penalties: the LEA may start arresting managers responsible for refusal, on the charges of obstruction, due to interfering with an investigation.
People might talk about refusing to process a CALEA warrant.
IF/when they do receive such a lawful order: I am almost positive they will respond in some way other than a refusal to attempt to comply.
So that's probably why it's not likely we will hear of a refusal occuring, at least for a long time
Yes, "constructive" refusal is much harder to prove. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
On Fri, Jan 18, 2013 at 4:52 PM, Byron Hooper <bhooper@staff.gwi.net> wrote:
Hello All,
My company is looking at updating our CALEA set up. Our network has changed appreciably since our initial rollout and I am looking at utilizing Cisco's Lawful Intercept. I'm wondering what people are using as "Mediator Devices", aka what the Cisco routers are sending the Lawful Intercept stream to.
Cisco's Lawful Intercept seems like a solid option since all it requires for us is an IOS upgrade on our core routers and something to act as a Mediator, but I'm also interested in solutions others are using.
not that when I last looked there were some pretty serious speed/feed problems with this solution. (like 15kpps max) I believe packetforensics still ships boxes that do the intercept and I believe send data off to LEA in the right format: <http://packetforensics.com/products.safe> it'd require these to be in place between PE and CE though, which is 'ok' if you have an all fiber type deployment.
-- Byron Hooper Network Engineer GWI 8 Pomerleau Street Biddeford, ME 04005 Office & Cell: (207) 602-1215
participants (7)
-
Byron Hooper
-
Christopher Morrow
-
Frank Bulk
-
Jay Ashworth
-
Jimmy Hess
-
Justin Wilson
-
Warren Bailey