(RADIATOR) Session based Lawful Intercepts

Robert Blayzor rblayzor at inoc.net
Mon Feb 26 19:05:06 CST 2007


Hugh Irvine wrote:
> Further to this, there are additional requirements over and above Radiator.
> 
> You will also need some sort of warrant insertion so that the user
> authentication for the specific user returns the required attributes,
> and you will also need some mediation device which will receive the tap
> data and package it according to your LI agency requirements.


Not really.  Actually lawful intercept works one of three ways.

1)  Via return attributes supplied from the RADIUS server in the
access-accept. (ie: the salt encrypted attributes in the link I
provided)  This tells the NAS/LAC to start sending packets to the device
supplied.

2)  Via a client side request to the NAS supplying the current
session-id of the user (with the above attributes) COA.

3)  Via SNMPv3 request with the appropriate MIB.


The mediation device is optional depending on how you want to supply the
data to the LEA.  (at least the law is written that way).  I believe
(from what I've read) the intercepted traffic is just encapsulated into
a UDP stream and sent to a port on the mediation device.  One could
probably just also sniff the port with tcpdump and capture the data and
provide to the LEA.  That's the problem with CALEA right now, there is
no one way of doing it, there is no enforced standard; and there
probably should not be.  There is a huge racket of consultants and
software vendors right now collecting a ton of money for something so
simple. (ie: capture packets and forward them).

As a broadband provider that's 100% PPPoX with LI enabled bba routers,
naturally RADIUS is our best fit. (no expensive probes required)

-- 
Robert Blayzor, BOFH
INOC, LLC
rblayzor\@(inoc.net|gmail.com)
PGP: 0x66F90BFC @ http://pgp.mit.edu
Key fingerprint = 6296 F715 038B 44C1 2720  292A 8580 500E 66F9 0BFC

"Pinky, you've left the lens cap of your mind on again."
 - The Brain
