Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
Mikrotik hasn't realized yet how much money they can make by implementing CALEA 100% and charging $100-$200 extra for a CALEA specific capture license... I could not agree more! Matt -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
Mikrotik hasn't realized yet how much money they can make by implementing CALEA 100% and charging $100-$200 extra for a CALEA specific capture license... - Original Message - From: "Jeromie Reeves" <[EMAIL PROTECTED]> To: "WISPA General List" Sent: Tuesday, April 24, 2007 1:35 AM Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 > But does that meet CALEA specs? Not really, since it does not do the > MD5 hash and such. At least that is what I get from reading about > CALEA. Basically if a TTP doesn't sign off on it you be at the > wrong end of a investigation when the lawyers start saying it was not > captured correctly. You should talk to your lawyer about it and not > take my opinion of it as anything but just what it is, stinky just > like every ones. > > > On 4/23/07, Smith, Rick <[EMAIL PROTECTED]> wrote: > > You're reading too much into it. > > > > They're right. The ability is there to mirror every packet to/from a IP > > address onto disk. > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of ralph > > Sent: Monday, April 23, 2007 12:23 PM > > To: 'WISPA General List' > > Subject: RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 > > > > It is lame because it is a feature that the user community needs and > > wants, > > and the vendor is passing the buck. > > > > Not surprising, concerning their actions on FCC certification of other > > products. > > > > Mikrotik makes dandy router software and I support them on that. > > > > We do use the PC version in some POPs > > > > > > > > Open CALEA is just not yet ready for prime time, however the compliance > > date > > loometh soon. > > > > > > > > The CALEA tap/probe should be something that can be done in the router > > (I > > think that's how Cisco implemented it). > > > > Because Imagestream will have it ready May 1st, we went with their box > > just > > to have something that works now has been tested with the FBI. > > > > I'd just like to feel that the company who many of us support heavily > > should > > listen to and support its customers better. > > > > > > > > I've seen your posts and am well aware that one can capture all traffic > > via > > mirror port and hand the whole shebang over to the LEA, or we can spend > > hours wading through it and massaging data (which I think might cause it > > to > > be tainted). We've probably all captured users' traffic before and > > probably > > all know how to run Ethereal. > > > > > > > > I'd just like to see an accepted method that doesn't take an abundance > > of > > time to institute and maintain. > > > > > > > > I'm curious- do you have a solution, working now, that uses the hardware > > you > > mention and OpenCALEA to deliver a product that will be accepted by law > > enforcement, or are you just talking concepts? > > > > > > > > > > > > > > > > > > _ > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of Travis Johnson > > Sent: Monday, April 23, 2007 11:55 AM > > To: WISPA General List > > Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 > > > > > > > > Why is that lame? I don't see where this is Mikrotik's problem or issue. > > > > I'm going to keep saying this over and over and over (started over a > > year > > ago). Use a smart ethernet switch and mirror your main internet > > connection > > to a box that can capture the traffic. Then use something like openCalea > > (www.opencalea.org). Even if you have to buy a switch, a box to run the > > software, etc. you are less than $500 total. If you have multiple NOC's, > > $500 per location is cheap. > > > > Travis > > Microserv > > > > ralph wrote: > > > > I asked: > > > > > > > > I have 3 of your licensed routers (level 4) When do you plan to > > release a version of RouterOS that is CALEA compliant? > > > > Thank You > > > > > > > > > > They Replied: > > > > Hello, > > > > It already is, you simply have to enable sniffer of all traffic, and > > store > > the raw data on a server that captures it. You can also use smart > > switches > >
Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
You also might be on the wrong end of CALEA if a TTP does sign off on it. Use of a TTP does not provide any legal cover, btw--in the end, the service provider, not the TTP, is responsible--read the official statements and legalese on the matter. Still, for all the scare tactics getting thrown around, CALEA really isn't that big of a deal (unless you are doing VoIP, where the near-real time requirements require a bit of planning). Yes, sniffing and packaging does meet CALEA specs. Need a MD5 hash? Then generate one... In general, do not expect relatively simple layer 2/3 network equipment to provide complex application layer-style support for various networking tasks that can and, indeed should, be performed elsewhere on the network :) CALEA capable? Sure, if it does Ethernet (or, indeed, any layer two or layer three protocol), then it is CALEA capable. -Clint Ricker Kentnis Technologies On 4/24/07, Jeromie Reeves <[EMAIL PROTECTED]> wrote: But does that meet CALEA specs? Not really, since it does not do the MD5 hash and such. At least that is what I get from reading about CALEA. Basically if a TTP doesn't sign off on it you be at the wrong end of a investigation when the lawyers start saying it was not captured correctly. You should talk to your lawyer about it and not take my opinion of it as anything but just what it is, stinky just like every ones. On 4/23/07, Smith, Rick <[EMAIL PROTECTED]> wrote: > You're reading too much into it. > > They're right. The ability is there to mirror every packet to/from a IP > address onto disk. > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of ralph > Sent: Monday, April 23, 2007 12:23 PM > To: 'WISPA General List' > Subject: RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 > > It is lame because it is a feature that the user community needs and > wants, > and the vendor is passing the buck. > > Not surprising, concerning their actions on FCC certification of other > products. > > Mikrotik makes dandy router software and I support them on that. > > We do use the PC version in some POPs > > > > Open CALEA is just not yet ready for prime time, however the compliance > date > loometh soon. > > > > The CALEA tap/probe should be something that can be done in the router > (I > think that's how Cisco implemented it). > > Because Imagestream will have it ready May 1st, we went with their box > just > to have something that works now has been tested with the FBI. > > I'd just like to feel that the company who many of us support heavily > should > listen to and support its customers better. > > > > I've seen your posts and am well aware that one can capture all traffic > via > mirror port and hand the whole shebang over to the LEA, or we can spend > hours wading through it and massaging data (which I think might cause it > to > be tainted). We've probably all captured users' traffic before and > probably > all know how to run Ethereal. > > > > I'd just like to see an accepted method that doesn't take an abundance > of > time to institute and maintain. > > > > I'm curious- do you have a solution, working now, that uses the hardware > you > mention and OpenCALEA to deliver a product that will be accepted by law > enforcement, or are you just talking concepts? > > > > > > > > > _ > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Travis Johnson > Sent: Monday, April 23, 2007 11:55 AM > To: WISPA General List > Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 > > > > Why is that lame? I don't see where this is Mikrotik's problem or issue. > > I'm going to keep saying this over and over and over (started over a > year > ago). Use a smart ethernet switch and mirror your main internet > connection > to a box that can capture the traffic. Then use something like openCalea > (www.opencalea.org). Even if you have to buy a switch, a box to run the > software, etc. you are less than $500 total. If you have multiple NOC's, > $500 per location is cheap. > > Travis > Microserv > > ralph wrote: > > I asked: > > > > I have 3 of your licensed routers (level 4) When do you plan to > release a version of RouterOS that is CALEA compliant? > > Thank You > > > > > They Replied: > > Hello, > > It already is, you simply have to enable sniffer of all traffic, and > store > the raw data on a server that captures it. You can also use smart > switches > that can mirror ports to a capturing server. See discussions on our > for
Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
But does that meet CALEA specs? Not really, since it does not do the MD5 hash and such. At least that is what I get from reading about CALEA. Basically if a TTP doesn't sign off on it you be at the wrong end of a investigation when the lawyers start saying it was not captured correctly. You should talk to your lawyer about it and not take my opinion of it as anything but just what it is, stinky just like every ones. On 4/23/07, Smith, Rick <[EMAIL PROTECTED]> wrote: You're reading too much into it. They're right. The ability is there to mirror every packet to/from a IP address onto disk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ralph Sent: Monday, April 23, 2007 12:23 PM To: 'WISPA General List' Subject: RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 It is lame because it is a feature that the user community needs and wants, and the vendor is passing the buck. Not surprising, concerning their actions on FCC certification of other products. Mikrotik makes dandy router software and I support them on that. We do use the PC version in some POPs Open CALEA is just not yet ready for prime time, however the compliance date loometh soon. The CALEA tap/probe should be something that can be done in the router (I think that's how Cisco implemented it). Because Imagestream will have it ready May 1st, we went with their box just to have something that works now has been tested with the FBI. I'd just like to feel that the company who many of us support heavily should listen to and support its customers better. I've seen your posts and am well aware that one can capture all traffic via mirror port and hand the whole shebang over to the LEA, or we can spend hours wading through it and massaging data (which I think might cause it to be tainted). We've probably all captured users' traffic before and probably all know how to run Ethereal. I'd just like to see an accepted method that doesn't take an abundance of time to institute and maintain. I'm curious- do you have a solution, working now, that uses the hardware you mention and OpenCALEA to deliver a product that will be accepted by law enforcement, or are you just talking concepts? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Johnson Sent: Monday, April 23, 2007 11:55 AM To: WISPA General List Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 Why is that lame? I don't see where this is Mikrotik's problem or issue. I'm going to keep saying this over and over and over (started over a year ago). Use a smart ethernet switch and mirror your main internet connection to a box that can capture the traffic. Then use something like openCalea (www.opencalea.org). Even if you have to buy a switch, a box to run the software, etc. you are less than $500 total. If you have multiple NOC's, $500 per location is cheap. Travis Microserv ralph wrote: I asked: I have 3 of your licensed routers (level 4) When do you plan to release a version of RouterOS that is CALEA compliant? Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
You're reading too much into it. They're right. The ability is there to mirror every packet to/from a IP address onto disk. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ralph Sent: Monday, April 23, 2007 12:23 PM To: 'WISPA General List' Subject: RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 It is lame because it is a feature that the user community needs and wants, and the vendor is passing the buck. Not surprising, concerning their actions on FCC certification of other products. Mikrotik makes dandy router software and I support them on that. We do use the PC version in some POPs Open CALEA is just not yet ready for prime time, however the compliance date loometh soon. The CALEA tap/probe should be something that can be done in the router (I think that's how Cisco implemented it). Because Imagestream will have it ready May 1st, we went with their box just to have something that works now has been tested with the FBI. I'd just like to feel that the company who many of us support heavily should listen to and support its customers better. I've seen your posts and am well aware that one can capture all traffic via mirror port and hand the whole shebang over to the LEA, or we can spend hours wading through it and massaging data (which I think might cause it to be tainted). We've probably all captured users' traffic before and probably all know how to run Ethereal. I'd just like to see an accepted method that doesn't take an abundance of time to institute and maintain. I'm curious- do you have a solution, working now, that uses the hardware you mention and OpenCALEA to deliver a product that will be accepted by law enforcement, or are you just talking concepts? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Johnson Sent: Monday, April 23, 2007 11:55 AM To: WISPA General List Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 Why is that lame? I don't see where this is Mikrotik's problem or issue. I'm going to keep saying this over and over and over (started over a year ago). Use a smart ethernet switch and mirror your main internet connection to a box that can capture the traffic. Then use something like openCalea (www.opencalea.org). Even if you have to buy a switch, a box to run the software, etc. you are less than $500 total. If you have multiple NOC's, $500 per location is cheap. Travis Microserv ralph wrote: I asked: I have 3 of your licensed routers (level 4) When do you plan to release a version of RouterOS that is CALEA compliant? Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
I do have one question here... does the provider run the risk of privacy when capturing data that is not explicitly requested in the warrant or subpoena? When the connection is mirrored, will the provider be able to dissect the requested data? Because I would assume you can not give the requesting LEA anything they did not have a legal request for. When we had our dialup ISP, we were very careful in only providing only the warranted or subpoenaed information to the requesting LEA. Frank Muto President FSM Marketing Group, Inc www.SecureEmailPlus.com ISPCON Spring 2007 May 23-25 in Orlando, FL. LaunchPad Pavilion J - Original Message - From: Travis Johnson To: WISPA General List Sent: Monday, April 23, 2007 11:54 AM Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 Why is that lame? I don't see where this is Mikrotik's problem or issue. I'm going to keep saying this over and over and over (started over a year ago). Use a smart ethernet switch and mirror your main internet connection to a box that can capture the traffic. Then use something like openCalea (www.opencalea.org). Even if you have to buy a switch, a box to run the software, etc. you are less than $500 total. If you have multiple NOC's, $500 per location is cheap. Travis Microserv ralph wrote: I asked: I have 3 of your licensed routers (level 4) When do you plan to release a version of RouterOS that is CALEA compliant? Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
RE: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
It is lame because it is a feature that the user community needs and wants, and the vendor is passing the buck. Not surprising, concerning their actions on FCC certification of other products. Mikrotik makes dandy router software and I support them on that. We do use the PC version in some POPs Open CALEA is just not yet ready for prime time, however the compliance date loometh soon. The CALEA tap/probe should be something that can be done in the router (I think that's how Cisco implemented it). Because Imagestream will have it ready May 1st, we went with their box just to have something that works now has been tested with the FBI. I'd just like to feel that the company who many of us support heavily should listen to and support its customers better. I've seen your posts and am well aware that one can capture all traffic via mirror port and hand the whole shebang over to the LEA, or we can spend hours wading through it and massaging data (which I think might cause it to be tainted). We've probably all captured users' traffic before and probably all know how to run Ethereal. I'd just like to see an accepted method that doesn't take an abundance of time to institute and maintain. I'm curious- do you have a solution, working now, that uses the hardware you mention and OpenCALEA to deliver a product that will be accepted by law enforcement, or are you just talking concepts? _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Johnson Sent: Monday, April 23, 2007 11:55 AM To: WISPA General List Subject: Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23 Why is that lame? I don't see where this is Mikrotik's problem or issue. I'm going to keep saying this over and over and over (started over a year ago). Use a smart ethernet switch and mirror your main internet connection to a box that can capture the traffic. Then use something like openCalea (www.opencalea.org). Even if you have to buy a switch, a box to run the software, etc. you are less than $500 total. If you have multiple NOC's, $500 per location is cheap. Travis Microserv ralph wrote: I asked: I have 3 of your licensed routers (level 4) When do you plan to release a version of RouterOS that is CALEA compliant? Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
Why is that lame? I don't see where this is Mikrotik's problem or issue. I'm going to keep saying this over and over and over (started over a year ago). Use a smart ethernet switch and mirror your main internet connection to a box that can capture the traffic. Then use something like openCalea (www.opencalea.org). Even if you have to buy a switch, a box to run the software, etc. you are less than $500 total. If you have multiple NOC's, $500 per location is cheap. Travis Microserv ralph wrote: I asked: I have 3 of your licensed routers (level 4) When do you plan to release a version of RouterOS that is CALEA compliant? Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
[WISPA] Mikrotik's (lame) answer to CALEA as of 4/23
I asked: > I have 3 of your licensed routers (level 4) When do you plan to > release a version of RouterOS that is CALEA compliant? > > Thank You They Replied: Hello, It already is, you simply have to enable sniffer of all traffic, and store the raw data on a server that captures it. You can also use smart switches that can mirror ports to a capturing server. See discussions on our forum on this topic. Regards, Normunds -- Come to MikroTik User Meetings - April 28th, Abuja, NIGERIA - May 31st - June 1st, Orlando, USA http://mum.mikrotik.com -- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
