[Asterisk-Users] Legal Interception - tapping

John Todd jtodd at loligo.com
Fri Sep 12 12:07:00 MST 2003


[top-posting madness continued]

Instead of making Asterisk do this work, wouldn't it make more sense 
to just have a "smart" ethernet sniffer that handled the whole 
transaction?  I have no details on it, but I would guess that the 
previously-named "Carnivore" project here in the USA and its related 
brethren elsewhere are probably capable of such intercept if they 
have visibility of all SIP setup and RTP packets.

Extracting those features out into a commercial product would not be 
terribly difficult, and I strongly suspect if I spent a few hours 
with Google I would find a vendor already selling such a product for 
an eye-popping sum of money.


That being said against modifying Asterisk, here is an agreeing view:

Asterisk already has the ability to record specific conversations 
with fairly simple dialplan logic, as I've demonstrated with my 
sample files.  A clever programmer could modify Dave Troy's "ZapScan" 
application to use any channel type, I'm sure, and relay that 
information out to an alternate channel that turned voice streams to 
.mp3 codec form to be streamed to some local relay agent (shoutcast, 
icecast) and from there across a VPN to Langley, Linthicum, or your 
local sheriff's office.  Since Asterisk can record things already, 
that's a "given".   With 250gb disks now commonplace, I can fit a 
terabyte into a 1u PC.  Let's see... with GSM files being ~100kb per 
minute of two-leg conversations, and let's say 1 entire PRI at 50% 
usage (yes, that's a high Erlang, but this is back-of-napkin) that 
turns into (very roughly) almost two years of recording of every 
single conversation on a PRI.

I'm sure someone could make a tidy sum of money deploying this type 
of system, even if they gave the modifications back to the community 
as per the GPL license as they are obligated to do if it becomes a 
"resold product".  A T400P card in a good-quality rackmount PC (total 
cost for both, with a terabyte of disk: ~$5200) could become a 
completely "transparent" monitoring system that could be inserted at 
the carrier's office or even closer, and the subscriber to the PRI 
would never know it was there.  As long as there was Internet access 
somehow, this could be monitored and commanded remotely.  Law 
enforcement is always willing to pay good money to technical firms to 
install stuff, even if it's open-source.

In short: Asterisk is already an almost-ideal call recording platform 
with no modifications.  With few modifications, it could easily work 
as a "live" intercept system with incredible flexibility.

(PS: I am a consultant, so any law enforcement agencies reading this 
should feel free to shower me with money.)

(PPS: Ethical note - I am a big fan of strong crypto, individual 
rights, and a rollback of many of the current "basic rights" 
encroachments that have occurred in recent years in the US (and 
even in the EU.)  However, I also recognize the completely legitimate 
and necessary use of wiretaps in circumstances that are legally 
warranted, and I believe that law enforcement should use every tool 
that they are legally allowed.)

JT


>My 5 cents ...
>
>Since the ideal situation would be real-time monitoring then maybe a 
>more effective solution would be to sample/duplicate the packets in 
>the IP layer rather than expecting Asterisk to perform yet another 
>auxiliary function.
>
>Cisco like most vendors are in a position where they have to provide 
>Lawful Intercept capabilities within their own (VoIP & IP) platforms 
>very quickly to support the new European regulations. As a result of 
>this a new feature will soon be available in Cisco IOS allowing 
>routers (or AS5300's for that matter) to copy all inbound/outbound 
>packets onto another interface or even re-write the destination 
>address providing the capability to 'sniff' all IP (RTP/SIP) packets 
>and route them off to another box.
>
>That other box could be another instance of Asterisk dedicated for 
>the purpose or purely a replicated real-time packet stream routed 
>directly to the authorities' intercept platforms.
>
>
>>  -----Original Message-----
>>  From: Andrew Joakimsen [mailto:andrew at envisionstudio.net]
>>  Sent: 12 September 2003 04:33
>>  To: asterisk-users at lists.digium.com
>>  Subject: RE: [Asterisk-Users] Legal Interception - tapping
>>
>>  > -----Original Message-----
>>  > From: asterisk-users-admin at lists.digium.com
>>  > [mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Brian West
>>  > Sent: Thursday, September 11, 2003 10:20 PM
>>  > To: asterisk-users at lists.digium.com
>>  > Subject: RE: [Asterisk-Users] Legal Interception - tapping
>>  >
>>  > > issue. If they are using Asterisk is it not possible to record calls
>>  > > automatically. I have not reviewed the CALEA requirements, must access be
>>  >
>>  > Yes it is very possible to record calls with *.  I record all in and
>>  > outbound calls.
>>  >
>>  > bkw
>>
>>  I phrased that incorrectly, I have way too much email to look at....
>>
>>  I know it is possible to record calls, it will record them to a
>>  directory you define on the server. But are you required to provide
>>  archives/recordings of the calls or permit real-time tapping?


