nanog mailing list archives

Re: NSA able to compromise Cisco, Juniper, Huawei switches


From: Warren Bailey <wbailey () satelliteintelligencegroup com>
Date: Mon, 30 Dec 2013 16:38:10 +0000

We had a hell of a time finding anything that supported the CALEA stuff past a 7206. This was for an in-flight global 
wifi network, hence my original concern. Also note that when we did get it to work, it pretty much didn't. Or I should 
say... it worked when it wanted to.

How they are mapping PNR to user sessions is beyond me. In our case all of our AAA was being done by a German partner, 
which further complicated matters. I always assumed they had our traffic via listening stations but they weren't 
getting it from us. I no longer have a hand in that network, but I am honestly shocked this morning.


Sent from my Mobile Device.


-------- Original message --------
From: Valdis.Kletnieks () vt edu
Date: 12/30/2013 6:48 AM (GMT-09:00)
To: "Dobbins, Roland" <rdobbins () arbor net>
Cc: "nanog () nanog org list" <nanog () nanog org>
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches


On Mon, 30 Dec 2013 14:34:52 +0000, "Dobbins, Roland" said:

> My assumption is that this allegation about Cisco and Juniper is the result
> of non-specialists reading about lawful intercept for the first time, and
> failing to do their homework.

That does raise an interesting question. What percentage of Cisco gear
that supports a CALEA lawful intercept mode is installed in situations where
CALEA doesn't apply, and thus there's a high likelihood that said support
is misconfigured and abusable without being noticed?

