Hi John, The two I'm aware of are SS8 and Verint. They are very expensive.
The mediation device takes in the IP traffic from the ISP's router and translates it into the LAES format that the Feds require, and sends it along. Jeff -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Scrivner Sent: Tuesday, February 13, 2007 2:02 PM To: WISPA General List Subject: Re: CALEA - HOW? RE: [WISPA] Form 445 What can you tell us about the "mediation box"? Is this something we can build a few of as WISPA and send to members who need it? Thanks, Scriv Jeff Broadwick wrote: >Actually, the standard for connecting the mediation box to the LEA (known as >LAES) has been finalized. The standard for connecting from the router to >the mediation box (T1-IAS I believe) will be finalized later this month. > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On >Behalf Of Butch Evans >Sent: Tuesday, February 13, 2007 2:28 AM >To: WISPA General List >Subject: Re: CALEA - HOW? RE: [WISPA] Form 445 > >On Tue, 13 Feb 2007, Rick Smith wrote: > > > >>OK, Don't point me to some confusing URL I don't have time (or >>patience) to read about how to comply with CALEA. >> >> > >The most difficult thing about the CALEA compliance issue is that the format >of the data has not, yet, been finalized. This makes it impossible (IMNSHO) >to determine exactly how compliance is gonna look. Here is what IS known: > >1. You must be able to send the data (in a yet to be determined >format) via a secure connection to the requesting LEA (law enforcement >agency) > >2. The LEA will supply you with a subpoena requesting information on a >specific customer. > >3. You must be able to capture (and forward) ALL traffic to and from that >customer. This means even traffic between that customer and another of your >customers, so a sniffer at the border is NOT enough. > >4. The "target" cannot know his data is being logged. > >I don't think I missed any of the "major points". I have heard that PCAP >(tcpdump or MT packet sniffer) format is possibly going to be an approved >format, but it CANNOT be a "store and forward". In other words, it MUST be >streamed to the LEA. > >I have heard, but I can't confirm (since, I am only an associate >member) that the principle member's list has better insight into what WISPA >is doing on behalf of the membership. (This was gleaned from various posts >on the mailing list here, and is just an >assumption.) Either way, membership is a good idea. ;-) > >If I missed anything, perhaps someone here can point it out. > >-- >Butch Evans >Network Engineering and Security Consulting >573-276-2879 >http://www.butchevans.com/ >My calendar: http://tinyurl.com/y24ad6 >Training Partners: http://tinyurl.com/smfkf Mikrotik Certified Consultant >http://www.mikrotik.com/consultants.html >-- >WISPA Wireless List: [email protected] > >Subscribe/Unsubscribe: >http://lists.wispa.org/mailman/listinfo/wireless > >Archives: http://lists.wispa.org/pipermail/wireless/ > > > > -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
