Re: CALEA - HOW? RE: [WISPA] Form 445

Tue, 13 Feb 2007 11:28:07 -0800 

On Tue, 13 Feb 2007, John Scrivner wrote:
What can you tell us about the "mediation box"? Is this something we can build a few of as WISPA and send to members who need it? 


Well, we are all in the land of unknown right now.  The format of 
the data is yet to be determined.  Let's make a supposition, though. 
If (as I suspect) PCAP is going to be an acceptable standard, then 
MOST wisps already have in place what they will need, except perhaps 
the "mediation box", as it's been called.  PCAP is a data format 
that is created by utilities such as tcpdump and others.  Also, 
let's suppose (because it's not finalized) that streaming is not 
going to be a necessary component of compliance.  With these 2 
suppositions, we have the "ideal" situation.  We can easily gather 
the data using existing tools (least Mikrotik supports what is 
needed, not sure about others).  If an ISP does NOT have a strong 
edge device (such as MT or Imagestream), then they will have to put 
in a hub or switch capable of creating a "mirror" port, that can be 
used to capture the data with a linux server.  Using Mikrotik (for 
example), the data can be streamed to an internal server ("mediation 
server") where it can be stored for LEA retrieval.  For MOST 
subpoenas, this will be the end of the requirement.



SO..for a WISPA built "mediation box", you could simply put together 
a Linux server and a $100 switch.  But, in the end, we have to wait 
to see what format is required before it is possible to truly answer 
this question.


For some interesting reading, try this:
http://www.opencalea.org/NANOG39-Lightning.pdf


The http://www.opencalea.org/ site is pretty useless for the time 
being, but it looks promising.



--
Butch Evans
Network Engineering and Security Consulting
573-276-2879
http://www.butchevans.com/
My calendar: http://tinyurl.com/y24ad6
Training Partners: http://tinyurl.com/smfkf
Mikrotik Certified Consultant
http://www.mikrotik.com/consultants.html
--
WISPA Wireless List: [email protected]

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/






















					Reply via email to