Page 425 - Handbook of Modern Telecommunications
P. 425

3-216                   CRC Handbook of Modern Telecommunications, Second Edition

              •   Trace route commands. These display the router hops that a subject’s Internet traffic traverses
                 to/from a given destination. Any change from the ordinary could imply the introduction of an
                 interception router or other device. However, the proper use of interception probes can avoid the
                 introduction on new router hops.
              •   Unusual signaling activity in their modem, voice-over-IP interface box, or other hardware. These
                 devices carry important identification and traffic information associated with the user, but can
                 reveal interception activity to the interception target. Therefore it is not recommended that LI
                 probe customer premises equipment (CPE); this process poses risks for the LEAs especially when
                 the devices are tampered with by the users.
              •   Degradation or interruptions of service. These are obvious factors in arousing suspicion by the
                 targets that surveillance might be taking place.

            3.8.7.2  Access Function Implementation Approaches
            The basic choices for access are:
              •   Network or service element as data source
              •   Probes as data source

              If the network or service element is the choice, the following issues should be addressed in greater detail:
              •   Restricted in location within the network to where access, routing, or service is performed
              •   May be limited to seeing only compressed/encrypted traffic
              •   May require interception in multiple elements
              •   May require sophisticated association data exchange
              •   Provisioning and delivery require multiple different interfaces
              In addition, any additional function, hardware or software, may impact the network or service ele-
            ment in delivering the expected performance. Observations show that incorporating data collection
            functions for usage-based billing onto routers, causes their performance to be significantly impacted.
              The issues with probes are:

              •   Potential for reuse for other applications
              •   An additional non-service-element device to put in the network
              •   More flexibly able to comply with future requirements
            3.8.7.3  Use of Probes
            When the decision is for probes, four questions should be addressed:
              •   Active or passive probes
              •   Software or hardware probes
              •   Dedicated or shared probes
              •   Flow-based analysis probes
            3.8.7.3.1  Active versus Passive Probes
            When an active probe becomes part of the network, the consequences are:
              •   Can be guaranteed to capture all traffic that flows through it
              •   Must be costly to deploy as it must be engineered to avoid impact on the network
              •   Alternatively, impact on the network is likely affecting reliability, latency and jitter

              A passive probe is just listening to the traffic. Even in this passive role, sufficient speed of processing
            is required. The consequences are:
              •   No impact on service network and consumers
              •   Requires statistical method to prove reliability
   420   421   422   423   424   425   426   427   428   429   430