[LINK] Resilient Broadband Network needed for Australia

Kim Holburn kim.holburn at gmail.com
Fri May 9 07:19:47 AEST 2008 

On 2008/May/08, at 2:26 PM, Glen Turner wrote:

> On Thu, 2008-05-08 at 13:55 +0200, Kim Holburn wrote:
>> Oh, it's not all the telcos fault, there's probably another elephant
>> in the room.  VOIP calls are much harder to eavesdrop on, Skype calls
>> an order of difficulty harder again.  There are vested interests who
>> don't want VOIP as part of the infrastructure until that's sorted.   
>> It
>> may have already happened by then though.
>
> The government requires an Interception Capability Plan. The
> technical details are left to the telco.
>
> Most SIP-based networks meet the interception requirement by
> routing intercepted calls through a Session Border Controller
> and using it to duplicate the call data. This requires the
> SIP call router (a "SIP proxy") to have a small additional
> capability (mainly auditing, so that you can demonstrate
> that each interception has a warrant).

I can't see how this would stop peer to peer VOIP connections like  
skype or direct IP to IP connections like iCHAT or other softphones.
If a company or an ISP which is forcing VOIP through a transparent  
proxy how would it handle encrypted calls?.  Even if they had a skype  
supernode and they managed to force all traffic through it somehow I  
can't see that they could monitor the audio as skype is encrypted.   
Surely on any reasonably open network like most universities a VOIP  
proxy could easily be bypassed.

It's not going to be in a company's interest generally, to stop its  
own people making free calls (like skype) although it may be in the  
ISPs interest or governments' interests to listen in.

Sounds like it wouldn't catch anyone who didn't want to be caught.

Do all ISPs have to do this?  I can imagine a VOIP call around the  
world going through several of these proxies in several countries,  
especially perhaps the "internet hub" and being listened to by various  
governments (not a pretty picture really).  Wouldn't that slow it down  
considerably?  How many varieties of VOIP protocols would you have to  
have in you proxy to catch all VOIP calls and without trashing them?   
Doesn't sound all that easy to me.

> The SBC routes the interception stream to a SIP terminal, to
> which you attach a PSTN phone line which the intercepting
> agency can call and record in their usual fashion.
>
> Non-intercepted calls don't need to go through the SBC (although
> there are other good reasons to do that, such as limiting misuse
> of your voice QoS class).


How many audio calls are really going to bother your QoS (assuming  
your calls are limited to networks that honour your QoS)?  Maybe video  
calls might make a dent, or internet radio and TV perhaps or even  
youtube.

--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294  M: +39 3494957443
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961

More information about the Link mailing list