CALEA Compliance Options & Billing/Splash Page Setup!!!


techspert
03-22-2009, 08:21 PM
I have recently purchased and set up a Nanostation2, yielding the exact results I was hoping for :D

So, now I am ready to begin setting up customers and begin billing. By doing so I am looking for a simple solution to cover my butt legally (lol)! I am somewhat familiar with the concept of CALEA regulations, and realize I MUST comply!!

Is there a way that I can set up a simple server that would monitor the traffic (preferably an open source setup)? That way if somebody starts dl'ing some perverted or other such material I can stop & report, or at least have a record of whoever would do that.

Also, any help or advice regarding the setup of a splash page (without flashing the firmware) would be greatly appreciated.

The Nanostation is set up as a regular AP, broadcasting to at most 25 people. I will have discounted yearly subscriptions as well as monthly, and possibly hourly plans.

Thank you for any help / suggestions!!

Jason


**EDIT** I have come across software called ZoneCD which would appear to cover a good bit of what I mentioned. Does anyone have any experience with this software, or can anyone recommend better software?
Thanks again,

-Jason

WHT
03-22-2009, 09:08 PM
CALEA regulations and simple are mutually exclusive.

You can use Mikrotik, but other than a few mystical incantations...I've never seen any real step by step documentation on how to do it.

techspert
03-22-2009, 09:13 PM
I realize CALEA regulations are not an exact science... to say the least... lol!
(you are the one that even brought CALEA to my attention WHT!)

Could you check out this ZoneCD and let me know what you think?

http://www.publicip.net/

I'd really appreciate it!

-Jason

WHT
03-22-2009, 09:23 PM
I played with it about two years ago, but really didn't have time to do a test implementation. It *is* easy to set up, as I recall.

techspert
03-22-2009, 09:28 PM
Thanks WHT, I always appreciate your help!

I will set it up and play with some of its features. My biggest issue is that I don't want my customers that have already paid for service to have to log in through the splash page every time they want to access the internet!

I'll report back on my findings in case anyone else finds this info. useful!

-Jason

MaximumISP
03-23-2009, 06:32 AM
I'm guessing something like http://www.bandwidtharbitrator.com/ + some hotspot software/device is what you're looking for (if I recall correctly it is CALEA ready).
The free open source one is fully functional but lacks a GUI and tech support.

WHT
03-23-2009, 07:30 AM
> I'm guessing something like http://www.bandwidtharbitrator.com/ + some hotspot software/device is what you're looking for (if I recall correctly it is CALEA ready)

Yup...the NetEqualizer is pretty good. Well worth the $2,000 base price.

techspert
03-23-2009, 08:05 AM
Thanks for the info.

I have been linked to the netequalizer site before, and I think it is a great product, however it's just not economically feasible for me right now. Maybe later when I can provide a greater coverage area it will be.

I am looking closely at the CALEA code and will check to see if the ZoneCD has the capabilities to conform (I like it because it's free :D )

-Jason

MaximumISP
03-23-2009, 08:28 AM
The Bandwidth Arbitrator version is free but requires a Linux guru to set up.
NetEq is the full monty paid version of the Arbitrator open source code.

techspert
03-25-2009, 09:13 AM
I would like to set up the Arbitrator, but am not nearly qualified to do so (i.e. Linux noob).

However, everything I come across seems to be Linux based in some way. Even the "easy to set up" (I say in quotes because I have had some issues with ZoneCD itself) IPConfig solution runs on a Linux live CD.

Maybe I should get more acquainted with this friendly little open source O/S :lol:

I have come across some super simple options, but they require flashing the N2's firmware (and I happen to like AirOS).

Will keep posted on what I come up with under tight budget constraints.

-Jason

techspert
03-25-2009, 06:49 PM
New problem!! :lol:

So I have ZoneCD set up and working perfectly, but there is one MAJOR flaw in their software design. It only allows the admin to block MACs... I'm looking to only allow access to specific MACs.

O.K. so they have a user and password registration feature which would suffice..... if it worked! :o

For some reason 2 people can simultaneously access the same user & pass and browse the net. Not quite what I was looking for!

So I am hoping that somebody can tell me that AirOS has built in MAC filtering (only to ALLOW), and if so... how the heck do I set that up!

I'm quite upset with the ZoneCD user admin system (that's why I may sound a bit testy). I can't have my clients giving their passwords away and snickering behind my back :lol:

Thanks for any info.

-Jason

rmichael
03-25-2009, 07:24 PM
You don't need to control access rights to be CALEA compliant. My understanding of CALEA is:


1) you need to collect RAW traffic data for a specific target identified by LEO
2) you need to be inconspicuous about it
3) once data is collected you need to make it available for download
4) keep MD5 of data collected indefinitely
5) one cannot charge for making your network CALEA compliant but you can charge for time and bandwidth used to collect and send data.

cheers,
Michael

techspert
03-26-2009, 08:40 AM
1) I hate my life :lol:
2) how can any LEO expect someone to hold data indefinitely?! :? totally absurd lol

I am still searching for a **FREE** packet & source capturing app. Any suggestions?

Thanks

-Jason

WHT
03-26-2009, 08:56 AM
You only have to hold the data for the duration of the tap. If they want you to keep a tap alive for more than a year, they are on a fishing expedition.

Of course, you can bill them for your services while the tap is working.

techspert
03-26-2009, 10:36 AM
Holy $&#*!

I came across a nice little program called Wireshark, a beautiful packet capture app.

I set this up to run off a spare U3 drive I had lying around. SUPER EASY!!!

I'm thinking of just having a Win XP desktop always running between the AP and the router with Wireshark on.

Please tell me that this is CALEA compliant!! lol

rmichael
03-26-2009, 11:16 AM
> 1) I hate my life :lol:
> 2) how can any LEO expect someone to hold data indefinitely?! :? totally absurd lol
>
> I am still searching for a **FREE** packet & source capturing app. Any suggestions?
>
> Thanks
>
> -Jason

You don't have to keep all the data. It is suggested, however, that you take an MD5 hash of the resulting file to prove data was unaltered during the investigation.
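
As an added example (not part of rmichael's post or of any tool named in this thread), one way to do the hashing step he describes: seal a finished capture file with its digests, then re-check it later. The file name, the manifest layout and the extra SHA-256 digest alongside MD5 are assumptions made for illustration, and the sample capture bytes are constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def digest_file(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def seal_capture(path, manifest_path):
    """Record size and digests of a finished capture file in a JSON manifest."""
    entry = {
        "file": os.path.basename(path),
        "size": os.path.getsize(path),
        "sealed_utc": datetime.now(timezone.utc).isoformat(),
        "digests": digest_file(path),
    }
    with open(manifest_path, "w") as fh:
        json.dump(entry, fh, indent=2)
    return entry

def verify_capture(path, manifest_path):
    """Return the list of mismatches; an empty list means the file is unaltered."""
    with open(manifest_path) as fh:
        entry = json.load(fh)
    problems = ["size"] if os.path.getsize(path) != entry["size"] else []
    current = digest_file(path, tuple(entry["digests"]))
    problems += [a for a, d in entry["digests"].items() if current[a] != d]
    return problems

def demo():
    """Seal a constructed stand-in capture, then change one byte and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        cap = os.path.join(tmp, "tap-0001.pcap")  # hypothetical file name
        man = cap + ".manifest.json"              # hypothetical manifest name
        with open(cap, "wb") as fh:
            fh.write(b"\xd4\xc3\xb2\xa1" + b"constructed sample bytes" * 64)
        seal_capture(cap, man)
        clean = verify_capture(cap, man)
        with open(cap, "r+b") as fh:              # simulate later tampering
            fh.seek(10)
            fh.write(b"X")
        return clean, verify_capture(cap, man)
```

Keep the manifest somewhere other than beside the capture, since a digest stored next to the file it protects can be rewritten along with it.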

techspert
03-26-2009, 12:35 PM
I see :shock: lol, but no really.


I will be using Wireshark to keep a record of a bunch of stuff (I'm new to packet sniffing), and I am hoping that the gobs of info. that it collects will comply with CALEA standards!!

(I've always wanted to use "gobs" in a sentence!)

-Jason

miami3o5
04-23-2009, 02:53 PM
Any updates?

imodel
05-21-2009, 04:31 PM
Netequalizer released the "Netequalizer-Lite" a few weeks ago. It's cheaper than the regular version but does most of the same stuff. It's mentioned in the May newsletter -- http://www.netequalizer.com/newsletters/NetEqualizerMay2009.html

> Thanks for the info.
>
> I have been linked to the netequalizer site before, and I think it is a great product, however it's just not economically feasible for me right now. Maybe later when I can provide a greater coverage area it will be.
>
> I am looking closely at the CALEA code and will check to see if the ZoneCD has the capabilities to conform (I like it because it's free :D )
>
> -Jason

WHT
05-21-2009, 05:14 PM
But the LITE version doesn't appear to be scalable past 100 users. :cry:

imodel
05-26-2009, 08:26 AM
I've seen different things. I think it's recommended for 100 users or so, but in some cases can handle up to 200 depending on what you're doing. The newsletter says 200 but the site (http://www.netequalizer.com/neteqpricelist.php) says 100. So, I'm guessing it's usually somewhere in between.

WHT
10-01-2010, 09:32 PM
> My biggest issue is that I don't want my customers that have already paid for service to have to log in through the splash page every time they want to access the internet!

Old thread, but I'm working on a system where the user actually does have to log in each time.

http://www.dslreports.com/forum/r24852184-Addition-Log-In-Credentials
