Just wondering if anyone has had a chance to setup and test the calea packages (hopefully not via a LEA request!)....

按计划工作好吗?

What type of device did you end up using as the Calea server?

Any other suggestions?

-thanks
Kyle

I have done that long time ago (about the time calea appeared in ROS) and it worked fine for the test setup. The target machine was a regular PC with some average specifications. Fortunately, never had the need to deploy this in a production environment

Here is a problem im running into, in my head...

we have 2 upstream providers in 2 seperate physical locations geographically, for our network....how can I do that?

have a network tap at both head ends....and have 1 calea logging server?

-kyle

You will need two taps. One for each chain.
You will need atleast one mediation device (collection server) (If the link between the sites is fast enough)
I would NOT count on this.
You will probably want a mediation device on each "string".. YOU MUST NOT LOOSE PACKETS !!

There are some updates to the CALEA package in the works related to out of band data as well as using TCP ( I seem to remember) rather that UDP for sending the stream to the mediation device.

I dont think you need two tapps for each string, as you can create multiple rules for packets going to and from the target device, You can create the tapps so that ANY source to the target or any destination from the target can be captured... so even with two upstream connections per network "string / pathway", it shuld not matter... it is the path from the target to the tap that is important. The Tapp must be able to "see" the packets (they must pass thru the tap device) and the tapp must be able to identify the traffic as belonging to the target device..

Yea, this site is connected with a oc3, with little traffic in all reality, so having 2 taps and 1 mitigation server would actually be feasible until the amount of data increases....

Ill have to try that option first

-kyle