CALEA (This one gets DEEP)

I have a few questions on CALEA…
Is there a roadmap on enhancements /features yet ?

Here is why I ask..

Performance / stability on 532: (older) seems to be an issue (“probe” stops sending packets randomly). On i386 it works great. I am attributing this to memory limits…

Security: Files created are visible to all with “sniff” access (via FTP etc.). (I have not tried to look with user access not set to sniff, but ALL sniff users do, unless I foobarred the user setup.)

No client side control: i.e. one LEA can see another LEA’s data.

RAID for captures.. I have not seen a SATA raid adapter (yet) that is seen as a mirror set and not a primary / secondary.

If the packages are “stable” then I will write code to move the files to a RAID box that will “pull” the files off the “CALEA server / router” so that it provides SFTP to the LEA, RAID for storage, logging of automation and LEA activity, and provides security so that one LEA can’t see another’s data files (also admin control, i.e. Admin A can’t see Admin B’s data).


I will wait to hear back so that efforts aren’t duplicated.

MikroTik is better at writing code than I would ever be…


Craig

  1. I have tested the particular scenario, RB500 sending data to RB230 (Calea server), and I have not been able to get any issues.
    Probably you can share the configuration to research the problem.

  2. Yes, Calea settings and files are available for a user with policy ‘sniff’ (policy sniff is enabled for the full permission group, but it is always possible to change/create different user groups and set access for them).

  3. Can you be more specific about this case?

  4. As far as I know RAID is not supported, and as well as far as I know you have not gather Calea data for 24/7/365, but only for specific time, when you have received the appropriate request from the appropriate authority.
    Yes, you are right, currently AdminA can see AdminB data (action sniff is required).

1) I will send a couple of SupOuts from a pair of RB500s that exhibit the issue.
When the rule is created, it works fine for a while… then it will just stop (within 1 hr)
and will not begin again until the rules are deleted and re-created.
Again, I think I may have too many packages loaded as these are test boxes.

2) I can see this and it makes sense, but what if a target is a member of sniff?

3) According to the seminar in Orlando, if the FBI asks for data, and the CIA asks for data, we must provide data to both, but neither can know about each other’s request or even that the other is asking… With the present access ctrl to the FTP server, there is no way to provide for “separation”.

4) This was the result of a conversation with a certain “cigar lover” (I don’t want to drop names to protect the possibly inebriated :smiley: ) after one of the sessions in Orlando.
I mentioned to him that I was concerned about storing data that was so important on a non-RAID medium.
He mentioned that there were “options”, i.e. SATA mirroring or even IDE over TCP/IP.
If SATA mirroring is not going to be supported, then I can deal with that…


If the storage directory structure is stable, then I will work on a method to move the data to a device that supports SFTP and client control as well as RAID for the storage medium… I have been talking with a MFG of NAS devices running Windows storage server about seeing if I can get a licensing waiver for the application needed to move the data from the router / storage server to the NAS for LEA storage / delivery.

The idea would be to let the “CALEA Server” pick up the stream, process it into data and hash sets, and then pick them up off the CALEA server and move them to the NAS device for delivery to the LEA as well as archival of the hash files.
It would then remove the file/s from the router / CALEA server to keep the file system clear.

I may seem like I am overreacting to the whole CALEA issue, but I have potential clients that are more paranoid than I am…
I want to market RouterOS as a vital part of my client’s CALEA strategy.

Don’t get me wrong… I am not knocking the CALEA package… Far from it… Without the work done here we would all be in a load of trouble and would all be scrambling to figure out what to do…

I just want to be able to offer a turnkey (or as close as possible) solution to clients that must comply with this @#@#$$#@#@$$#%^%$&%$#@ law… Thank You Uncle Sam !!!

I must admit… this law has forced the creation of a helpful tool for the corporate world…
If you suspect that a user is up to no good, you can now easily sniff his stream and tear it apart later to see what they are up to, as well as have proof that is backed by hash files if legal action is necessary (if it works for Uncle Sam it “Should” work for us (yeh right…))

How’s that for talking out both sides of my mouth ?? Quite talented if I do say so myself !!!


Have a great one !!!

Craig
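
The pull-and-deliver flow described in the post above (verify each capture against its hash file, move it into storage separated per LEA, then clear it off the CALEA server), sketched as an added example that is not part of the thread and not MikroTik code. The SHA-256 sidecar files, the `<case>_…` file naming, the case-to-LEA map and the directory names are all assumptions; the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def deliver(staging, store, case_to_lea, audit):
    """Move verified captures into one directory per LEA; return what was delivered."""
    delivered = []
    for cap in sorted(Path(staging).glob("*.pcap")):
        sidecar = cap.with_name(cap.name + ".sha256")      # assumed sidecar naming
        lea = case_to_lea.get(cap.name.split("_", 1)[0])   # assumed "<case>_..." naming
        if lea is None or not sidecar.exists():
            audit.append(f"SKIP {cap.name}")               # left in place for an admin
            continue
        expected = sidecar.read_text().split()[0].lower()
        if sha256_file(cap) != expected:
            audit.append(f"REJECT {cap.name} hash mismatch")
            continue
        dest = Path(store) / lea                           # one tree per LEA, never shared
        dest.mkdir(mode=0o700, parents=True, exist_ok=True)
        (dest / cap.name).write_bytes(cap.read_bytes())
        (dest / sidecar.name).write_text(sidecar.read_text())
        if sha256_file(dest / cap.name) != expected:       # verify the copy before deleting
            audit.append(f"REJECT {cap.name} copy mismatch")
            continue
        cap.unlink()                                       # keep the capture box clear
        sidecar.unlink()
        audit.append(f"DELIVER {cap.name} -> {lea}")
        delivered.append((cap.name, lea))
    return delivered

def demo():
    """Constructed sample: two cases for two agencies plus one altered capture."""
    root = Path(tempfile.mkdtemp())
    staging, store = root / "staging", root / "store"
    staging.mkdir()
    for name, body in [("case1_a.pcap", b"aaa"), ("case2_a.pcap", b"bbb"), ("case1_b.pcap", b"ccc")]:
        (staging / name).write_bytes(body)
        (staging / (name + ".sha256")).write_text(hashlib.sha256(body).hexdigest() + "\n")
    (staging / "case1_b.pcap").write_bytes(b"altered")     # no longer matches its hash
    audit = []
    done = deliver(staging, store, {"case1": "lea_a", "case2": "lea_b"}, audit)
    return done, audit, staging, store

if __name__ == "__main__":
    print(demo()[:2])
```

In a deployment each per-LEA directory would be the root of that agency's own SFTP account, and the audit list would go to an append-only log.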