lawful intercept/IOS at BlackHat DC, bypassing and recommendations
- Subject: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
- From: tvarriale at comcast.net (Tony Varriale)
- Date: Thu, 4 Feb 2010 15:44:08 -0600
Would you mind passing along a source/link on the 15kpps? I haven't seen
that number yet.
tv
----- Original Message -----
From: "Christopher Morrow" <morrowc.lists at gmail.com>
To: "Gadi Evron" <ge at linuxbox.org>
Cc: "NANOG" <nanog at nanog.org>
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and
recommendations
On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge at linuxbox.org> wrote:
>
> "That peer-review is the basic purpose of my Blackhat talk and the
> associated paper. I plan to review Cisco's architecture for lawful
> intercept and explain the approach a bad guy would take to getting access
> without authorization. I'll identify several aspects of the design and
> implementation of the Lawful Intercept (LI) and Simple Network Management
> Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
> to the interface, and provide recommendations for mitigating those
> vulnerabilities in design, implementation, and deployment."
this seems like much more work than matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"
<http://www.crypto.com/blog/calea_weaknesses/>
Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.
-chris