ILD Interception

ILD- Interception
Need of LI for IPLC

ILD Interception is a complete solution that is capable of handling both circuit switch and packet switch traffic from both legacies as well as the latest telecom technologies. Telecom Regulators mandate every service provider to implement a Lawful Interception System to facilitate the interception of all kinds of interfaces over which Leased Line services are provided by the operator based on the criteria defined by Law Enforcement Agencies. Also, as per the License granted to the IPLC provider, it is mandatory for the operator to fulfill the following Lawful Interception: 

The Licensee shall take IPLC from the licensed ILDOs. The interception and monitoring of Resellers circuits shall take place at the Gateway of the ILDO from whom the IPLC has been taken by the Licensee. 

The provisioning for Lawful Interception & Monitoring of the Resellers’ IPLC shall be done by the ILD Operator and the concerned ILDO shall be responsible for Lawful Interception and Monitoring of the traffic passing through the IPLC. The Resellers shall extend all cooperation in respect of interception and monitoring of its IPLC and shall be responsible for the interception results. The Licensee shall be responsible to interact, correspond and liaise with the licensor and security agencies with regard to the security monitoring of the traffic.  

The Licensee shall, before providing an IPLC to the customer, get the details of services/equipment to be connected on both ends of IPLC, including type of terminals, data rate, actual use of circuit, protocols/interface to be used etc. The Resellers shall permit only such type of service/protocol on the IPLC for which the concerned ILDO has capability of interception and monitoring.

Without prejudice to the liability of ILDO, the Licensee shall pass on any direct request placed by security agencies on him for interception of the traffic on their IPLC to the concerned ILDOs within two hours for necessary actions.  

The Licensee shall ensure that necessary provision (hardware/ software) is available in their equipment for doing the Lawful interception and monitoring from a centralized location. 

The Licensee shall provide at its own cost technical facilities for accessing any port of the switching equipment at the HUB for interception of the messages by the designated authorities at a location to be determined by the Licensor.  

iNterceptor: Lawful Interception of IPLC Network

PertSol iNterceptor is a unified Lawful Interception System for network operators and service providers which is fully compliant with international standards and has a proven track record. It is a complete solution that is capable of handling both circuit switch and packet switch traffic from both legacies as well as the latest telecom technologies including PSTN, 2G, 3 G, 4G, 5G, NGN, IMS, IPLC, and others.

The core purpose of iNterceptor is to intercept the traffic and convert intercepted traffic into a format suitable for delivery to National Authorities or Law Enforcement Agencies, over a secure network. It can also retain the intercepted traffic for future use by the LEAs.

PertSol iNterceptor platform along with iNteliProbes intercepts the IPLC traffic using the probes that capture the data and intercept the required information and transmit it towards the LEA through LI Mediator & Management platform situated at the central monitoring location. The mediator server carries out the reconstruction of entire TCP traffic for various protocols including HTTP, Telnet, FTP, POP3, SMTP, NNTP, and many other unencrypted protocols. SSL decoding is also supported wherein private keys are available. iNterceptor solution is designed to change and adapts as per the latest network upgradation and technologies. It protects investments through its modular setup, accommodating network expansion as well as network changes. It can also integrate with existing Lawful Interception Solution incorporating it into a centrally managed unified solution.
Supported Standards & Regulations:
Supported Standards & Regulations'
IPLC - LIMS Architecture
iplc-ims-architecture
Interception Criteria

iNterceptor is capable of intercepting content using the criteria below:

  • MAC Address
  • ATM Address/X25Address (If in network)
  • L2VPNIdentifier
  • Source IP (IPv4, IPv6)
  • Destination IP (IPv4, IPv6)
  • VOIP Identifier
  • Subnet IP Address
  • LL Circuit Number
  • LL Channel Number
  • L3 VPN Identifier
  • TCP Port number & range
  • UDP Port number & range
  • SCTP range
  • Radius, AAA and DHCP username
  • Chat Nickname – For unencrypted traffic if available
  • Email Address (SMTP, POP3, IMAP4)
  • Web mail (To, From, CC)
  • URL Address
  • IM-ID
  • IM Group
  • Keyword (case Insensitive)
  • User Group (i.e. Yahoo user group)
  • Phone number (including VOIP)
  • SIP (URI/Phone/Email)
  • Leased Line (Circuit/Channel Number)
  • MPLS Tag (RD/RT+IP address)
  • STM Link ID
  • Customer Location
  • STM Channel Number

iNterceptor can intercept content using any combination of the above-mentioned criteria which includes boolean condition (AND, OR, NOT etc.). It is also possible to group targets on the basis of the following rules:

Packets originating from or destined to an IP - Sub-network
Packets between two specific IP–Sub-network
Packets originating from a specific IP address (client or server) and port-range
Packets destined to a specific IP address (client or server) and port-range
Supported Traffic for Interception

Our solution discovers and collects data based on IPv4 or Ipv6 internet access. IP access can be static IPv4/IPv6 addresses or subnets, DHCP assigned via MAC address or RADIUS login.

  • ITU-T H.323, H.248, G.711, G.722.2, G.723.1, G.726, G.728, G.729AB
  • SIP + RTP,
  • SIP + SRTP,
  • SIP over TLS + RTP
  • SIP over TLS and SRTP
  • RTP header Compression systems with and without extensions
  • Packetized GSM and Data Traffic over TDM and IP
  • De-multiplexing of voice sent over IP with and without RTP header
  • De-multiplexing of Bundling of Multiplexed IP traffic which contains TCP, UDP, SCTP etc, traffic over fixed ports

Our solution can discover and collect data based on target’s email activity. It supports email based on SMTP, POP3 and IMAP4. The monitored traffic can be all emails or can be specified as target email id like abc@domainname, local name (at any domain), @domainname (any local name on this domain). Targets can be specified as receiver of emails (including CC & BCC) or sender of email or both. Our system collects the email session, the full email and its attachments.

Our solution can also monitor and collect data from webmail. The webmail session is captured and decoded with the information extracted and delivered in RFC822 format (email text, folders, drafts) and byte stream with metadata (attachments).

Some of the supported email protocols are SMTP, POP3, IMAP4, Windows Live Email, QQ mail, Lotus Notes, Thunderbird mail system and other commonly used systems.

Our solution is capable of collecting data for all IM/Chat activity. Options for delivered traffic includes key IM/Chat events, or the full IM/Chat session, including (when possible) advanced features such as audio, video, and file sharing, formatted using RFC 3920/3921 XMPP for IM/Chat text and presence information, video files, summary information, and events.

Our solution can detect and collect based on DNS domain lookups and HTTP/HTTPS traffic based on URL, HTTP header and SSL handshakes. Traffic can be discovered and collected for all web activity or can be specified with targeting information including the client, a website or a specific type of traffic.

Our solution can detect and collect data based on file transfer activity such as FTP, BitTorrent, Gnutella, SMB V1/V2 and others.

Supports fax over IP that use ITU-T T.37, T.38

Our solution can detect and collect encrypted information such as certificates, Public Key, Encryption, Authentication and integrity algorithms, Server Key and Session key information. Some of the encrypted algorithms supported by our system are DES, 3DES, AES-128, AES-256. It also supports SIP over SSL, POP3 over SSL, HTTPS, OpenSSL, Openswan and other encrypted traffic provided their keys are available.

iNterceptor Benefits
  • High Performance Mediation: iNterceptor is capable of handling network with very high throughput requirements. It can handle multiple 100 Gbps links and is capable of selecting required traffic from these links.

  • Integrity Check Mechanism: The integrity check mechanism periodically checks the network elements and if required correct the erroneous states. It will query the network element for the placed intercepts and add missing intercepts, remove invalid intercepts, etc. This mechanism is used to detect and correct both network flaws as well as tampering with the interception solution. In case of correction of an erroneous state, this will be notified to the operator.

  • Extensive Interface Adapters: iNterceptor has a vast range of Input/Output adapters which makes it compatible with all the available access technologies and network equipment of all the major equipment providers.

    By allowing multiple Input and Output Adapters to be combined in one system, iNterceptor can be configured to support any situation, even mixing circuit switched and packet switched technologies in the same system. If required, customerspecific Input or Output adapters can be developed. Because of the true modularity of the iNterceptor, these specifically developed adapters can generally be offered at the same price as a standard license.

    Due to its design philosophy, iNterceptor can support hybrid networks with equipment from different vendors on same server. When networks grow or change, iNterceptor can easily be extended to cater for the growth in traffic volumes or new types of network elements.

  • Compliance: Unified solution for all interception requirements of a service provider which is compliant to international standards like 3GPP, ETSI, ATSI, ANSI, CALEA and others. It also complies with local LI regulations of many countries across the world.

  • Proven Field Record: PertSol’s LI is a proven and mature solution that continues to benefit from functional enhancement and feature evolution. It has been deployed in varied networks, enabling TSPs / Law Enforcement Agencies to benefit.