I was at Cisco when both TR-69 and CALEA support were active topics of
discussion and development.
CALEA support was required of us in order to sell equipment to all the big
Telco companies, because governments required those companies to allow law
enforcement to do local intercept. It was never part of any consumer or
small business router or switch. It only went into the big routers and
switches that go into big central offices.
TR-69 came about as a reaction to CableLabs DOCSIS standard for remote
management of cable modems. Before this, every cable modem vendor had a
proprietary management protocol and applications and cable companies either
got locked in to one vendor's modems, or had a terrible patchwork of
management applications. DOCSIS was a standard adopted by the cable
companies and forced on the modem vendors to help clean that up.
Meanwhile the DSL services and modem vendors were headed down the same road
and said they could come up with something better, that would also address
some problems specific to DSL. So they came up with the competing TR-69
standard.
Both DOCSIS and TR-69 have the capability to set up packet captures, and
filters and triggers for those captures. This was intended as a debugging
tool, but could certainly be used to eavesdrop. Neither would be very
efficient for capturing lots of local traffic and sending it someplace.
Capturing at the CO is more efficient on a working connection.
Steve
On Friday, December 6, 2013, Charles N Wyble wrote:
Would someone mind setting reply to list instead of
sender?
-------- Original Message --------
From: Charles N Wyble <charles(a)thefnf.org>
Sent: Fri Dec 06 08:29:40 CST 2013
To: Mitar <mitar(a)tnode.com>
Subject: Re: [Mesh] NSA and OpenWRT
Calea doesn't need to mod the end modem to do interception. If you are
transiting the modem, you are going through the CO, where they can tap.
Tr069 is a really nice standard for mass configuration at scale. Open
source bits exist, I've not been able to play with them yet.
So the linked technologies aren't really in support of the article's main
point.
Now in the case of all in one residential gateways, internal traffic is
very susceptible to intercept.
My home network is set up like this:
Cable modem -> pfsense edge router -> core switch (cisco 3550) -> core ap
(wndr3800 running openwrt).
I've also tapped the outside of the pfsense (modem Ethernet side) and seen
very large amounts of neighborhood WAN traffic. So I don't even need to be
the government or telco to spy. Just think, they only need to comp some
modems per neighborhood to see everything.
I run all my DNS lookups over a VPN connection to a non logging resolver
in an on net facility. I've considered running all my traffic out the Colo
and via tor, but I'm not that paranoid yet. He he.
Interesting article for sure. Remember that openwrt can be comped as well
and WiFi can be trivially tapped.
Mitar <mitar(a)tnode.com> wrote:
--
Charles Wyble charles(a)thefnf.org
818 280 7059
CTO / co founder
thefnf.org and guifi.us
_______________________________________________
mesh mailing list
mesh(a)lists.sudoroom.org
http://lists.sudoroom.org/listinfo/mesh
--
-steve