mailing list archives
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
From: "Tony Varriale" <tvarriale () comcast net>
Date: Thu, 4 Feb 2010 15:44:08 -0600
Would you mind passing along a source/link on the 15kpps? I haven't seen
that number yet.
----- Original Message -----
From: "Christopher Morrow" <morrowc.lists () gmail com>
To: "Gadi Evron" <ge () linuxbox org>
Cc: "NANOG" <nanog () nanog org>
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and
On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron <ge () linuxbox org> wrote:
"That peer-review is the basic purpose of my Blackhat talk and the
associated paper. I plan to review Cisco’s architecture for lawful
intercept and explain the approach a bad guy would take to getting access
without authorization. I’ll identify several aspects of the design and
implementation of the Lawful Intercept (LI) and Simple Network Management
Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access
to the interface, and provide recommendations for mitigating those
vulnerabilities in design, implementation, and deployment."
this seems like much more work that matt blaze's work that said: "Just
send more than 10mbps toward what you want to sneak around... the
LEA's pipe is saturated so nothing of use gets to them"
Also, cisco publishes the fact that their intercept caps out at 15kpps
per line card, so... just keep a steady 15kpps and roll on.
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations Jorge Amodio (Feb 04)