Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Java Rockx wrote:
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Here is one suggestion. Write a simple perl script that does the following: 1. For example if they call you up and tell you to monitor user 5050111 2. Your script will lookup him up in the location table and extract the IP ADDRESS 3. Then your script will use tcpdump to collect all incoming/outgoing traffic from that IP. 4. Then you import that capture into Ethereal and will be able to nicely decode the media stream (if its G711) into a playable file for any audio program (like Windows Media Player). 5. If you are using other codecs then simply export the RTP stream into a file and then use other software to decode it. (if its G729 for example, you can download the decoder from Voiceage).
If you want something more elaborate, you can simply route the "monitored" subs via an Asterisk server which can save and decode all audio streams into simple WAV files.
Andres.
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Paul:
This may be a little off topic but what are the legal issues you or your company face with CALEA? I'd be surprised if the integrity of the mediaproxy wouldn't become an issue if such a case went to Court. Have you look into this?
Just curious, Steve
Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Steve,
I am having a language difficulty -- what do you mean by mediaproxy's _intergrity_?
Thanks!
-jiri
At 03:51 PM 3/2/2005, Steve Blair wrote:
Paul:
This may be a little off topic but what are the legal issues you or your company face with CALEA? I'd be surprised if the integrity of the mediaproxy wouldn't become an issue if such a case went to Court. Have you look into this?
Just curious, Steve
Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
--
ISC Network Engineering The University of Pennsylvania 3401 Walnut Street, Suite 221A Philadelphia, PA 19104
voice: 215-573-8396 215-746-8001
fax: 215-898-9348
sip:blairs@upenn.edu
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Jiri:
It is not uncommon for Lawyers in the US to question the method by which evidence was gathered. They try to create "reasonable doubt" about the charges against their client in order to get a case dismissed.
I was involved in a case a few years ago, regarding computer technology but not VoIP, and this is exactly the approach the Lawyers took.
I have not personally looked at CALEA requirements. I may have to in the future and I was just asking about mediaproxy's ability to accurately associate a recording with a phone number, date/time, location, etc.
Does this help?
-Steve
Jiri Kuthan wrote:
Steve,
I am having a language difficulty -- what do you mean by mediaproxy's _intergrity_?
Thanks!
-jiri
At 03:51 PM 3/2/2005, Steve Blair wrote:
Paul:
This may be a little off topic but what are the legal issues you or your company face with CALEA? I'd be surprised if the integrity of the mediaproxy wouldn't become an issue if such a case went to Court. Have you look into this?
Just curious, Steve
Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
--
ISC Network Engineering The University of Pennsylvania 3401 Walnut Street, Suite 221A Philadelphia, PA 19104
voice: 215-573-8396 215-746-8001
fax: 215-898-9348
sip:blairs@upenn.edu
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
At 11:26 PM 3/3/2005, Steve Blair wrote:
Jiri:
It is not uncommon for Lawyers in the US to question the method by which evidence was gathered. They try to create "reasonable doubt" about the charges against their client in order to get a case dismissed.
I was involved in a case a few years ago, regarding computer technology but not VoIP, and this is exactly the approach the Lawyers took.
I have not personally looked at CALEA requirements. I may have to in the future and I was just asking about mediaproxy's ability to accurately associate a recording with a phone number, date/time, location, etc.
So just to be safe I understand this -- are you telling "RTP proxy intergrity problem" means that a smart lawyer can attack RTP proxy as technically imperfect solution (e.g., because traffic is easy to fake) and invalidate legal value of intercepted calls?
Well, if I was the lawyer I would not hesitate to choose this practice and I would be able to generate some technical arguments too :-)
-jiri
Does this help?
-Steve
Jiri Kuthan wrote:
Steve,
I am having a language difficulty -- what do you mean by mediaproxy's _intergrity_?
Thanks!
-jiri
At 03:51 PM 3/2/2005, Steve Blair wrote:
Paul:
This may be a little off topic but what are the legal issues you or your company face with CALEA? I'd be surprised if the integrity of the mediaproxy wouldn't become an issue if such a case went to Court. Have you look into this?
Just curious, Steve
Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- ISC Network Engineering The University of Pennsylvania 3401 Walnut Street, Suite 221A Philadelphia, PA 19104
voice: 215-573-8396 215-746-8001
fax: 215-898-9348
sip:blairs@upenn.edu
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
-- Jiri Kuthan http://iptel.org/~jiri/
The challenge with this approach is how you make intercepted calls non-distinguishable from regular calls. The intercepted party may watch signaling and notice service provider's IP addresses. Also, the quality may degrade through use of RTP relay.
A possible option is to ingore this problem.
Other option would be to implement interception in edge routers. Obviously, it is not an easy one.
-jiri
At 01:16 PM 3/2/2005, Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
If the modified RTP and non-modified RTP modules are on the same machine and most regular calls are already making use of the RTP, then the IP's shouldn't change at all. So the parties involved in the tapping will still see the same IP address at the providers end, which shouldn't give it away if they are being tapped.
It would be nice to ignore, but when the authorities come to the front desk with orders to tap and collect, there needs to be a means to do that so that you don't end up getting slapped with an Obstruct justice charge. So there does need to be a method available, or work around, to impliment to comply with the orders.
Terry ----- Original Message ----- From: "Jiri Kuthan" jiri@iptel.org To: "Java Rockx" javarockx@gmail.com; ser@cannes.f9.co.uk Cc: serusers@lists.iptel.org Sent: Thursday, March 03, 2005 4:01 PM Subject: Re: [Serusers] RTP Wiretapping
The challenge with this approach is how you make intercepted calls non-distinguishable from regular calls. The intercepted party may watch signaling and notice service provider's IP addresses. Also, the quality may degrade through use of RTP relay.
A possible option is to ingore this problem.
Other option would be to implement interception in edge routers. Obviously, it is not an easy one.
-jiri
At 01:16 PM 3/2/2005, Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Jiri,
Do you think ser will eventually acquire wiretapping capabilities?
Regards, Paul
On Thu, 3 Mar 2005 17:18:32 -0500, Terry Mac Millan serweb@finian.net wrote:
If the modified RTP and non-modified RTP modules are on the same machine and most regular calls are already making use of the RTP, then the IP's shouldn't change at all. So the parties involved in the tapping will still see the same IP address at the providers end, which shouldn't give it away if they are being tapped.
It would be nice to ignore, but when the authorities come to the front desk with orders to tap and collect, there needs to be a means to do that so that you don't end up getting slapped with an Obstruct justice charge. So there does need to be a method available, or work around, to impliment to comply with the orders.
Terry ----- Original Message ----- From: "Jiri Kuthan" jiri@iptel.org To: "Java Rockx" javarockx@gmail.com; ser@cannes.f9.co.uk Cc: serusers@lists.iptel.org Sent: Thursday, March 03, 2005 4:01 PM Subject: Re: [Serusers] RTP Wiretapping
The challenge with this approach is how you make intercepted calls non-distinguishable from regular calls. The intercepted party may watch signaling and notice service provider's IP addresses. Also, the quality may degrade through use of RTP relay.
A possible option is to ingore this problem.
Other option would be to implement interception in edge routers. Obviously, it is not an easy one.
-jiri
At 01:16 PM 3/2/2005, Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
We have built such. -jiri
At 12:35 AM 3/4/2005, Java Rockx wrote:
Jiri,
Do you think ser will eventually acquire wiretapping capabilities?
Regards, Paul
On Thu, 3 Mar 2005 17:18:32 -0500, Terry Mac Millan serweb@finian.net wrote:
If the modified RTP and non-modified RTP modules are on the same machine and most regular calls are already making use of the RTP, then the IP's shouldn't change at all. So the parties involved in the tapping will still see the same IP address at the providers end, which shouldn't give it away if they are being tapped.
It would be nice to ignore, but when the authorities come to the front desk with orders to tap and collect, there needs to be a means to do that so that you don't end up getting slapped with an Obstruct justice charge. So there does need to be a method available, or work around, to impliment to comply with the orders.
Terry ----- Original Message ----- From: "Jiri Kuthan" jiri@iptel.org To: "Java Rockx" javarockx@gmail.com; ser@cannes.f9.co.uk Cc: serusers@lists.iptel.org Sent: Thursday, March 03, 2005 4:01 PM Subject: Re: [Serusers] RTP Wiretapping
The challenge with this approach is how you make intercepted calls non-distinguishable from regular calls. The intercepted party may watch signaling and notice service provider's IP addresses. Also, the quality may degrade through use of RTP relay.
A possible option is to ingore this problem.
Other option would be to implement interception in edge routers. Obviously, it is not an easy one.
-jiri
At 01:16 PM 3/2/2005, Java Rockx wrote:
I was thinking about having a group called "spy" in the grp table and anyone with this ACL would be sent to a modified mediaproxy that would capture the RTP.
User that don't have the "spy" ACL would be handled normally and if NAT traversal is needed then use an unmodified media proxy.
Regards, Paul
On Wed, 2 Mar 2005 08:00:24 -0000, Chris ser@cannes.f9.co.uk wrote:
Why not use a from/to etc detection in .cfg (using database...) to trigger a remote proxy through the requesting agency They then have the capture issue and you have no monitor or delivery issues? Might require conditions of their placement of a proxy? (but is their problem) Regards Chris
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Java Rockx Sent: 26 February 2005 14:29 To: serusers@lists.iptel.org Subject: [Serusers] RTP Wiretapping
Hi All.
I'm located in the US and would like to comply with the Communications Assistance for Law Enforcement Act (CALEA) that Congress passed which basically says that VoIP providers should have the ability to wiretap conversations for the FBI upon request.
I use mediaproxy for NAT traversal. So my question is how can I be CALEA compliant? I assume I should be able to modify mediaproxy to write RTP streams to disk, but I'm unclear on how to "mix" both sides of the conversation.
Can anyone help with a suggestion?
Regards, Paul
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.0 - Release Date: 25/02/2005
-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.5.2 - Release Date: 28/02/2005
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-- Jiri Kuthan http://iptel.org/~jiri/
At 11:18 PM 3/3/2005, Terry Mac Millan wrote:
If the modified RTP and non-modified RTP modules are on the same machine and most regular calls are already making use of the RTP, then the IP's shouldn't change at all. So the parties involved in the tapping will still see the same IP address at the providers end, which shouldn't give it away if they are being tapped.
most of calls do use RTP but that can't be said about RTP relay. RTP relay is not used that frequently (at least in well engineered setups), which is good. Constant use of RTP relay is a poor setup having bad impact on QoS and scalability.
It would be nice to ignore,
I suggest reading before replying would better facilitate the technical discussion here. I actually didn't suggest to ignore LI. I suggested ignoring the possibility of advanced caller to learn that a call is not routed peer-to-peer. Other alternatives may be that expensive or hard-to-build that they do not appear entirely practicable.
-jiri
-
Andres -
Chris -
Java Rockx -
Jiri Kuthan -
Steve Blair -
Terry Mac Millan