[112666] in North American Network Operators' Group
Re: Dynamic IP log retention = 0?
daemon@ATHENA.MIT.EDU (Mark Andrews)
Thu Mar 12 18:27:10 2009
To: awacs@ziskind.us
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Thu, 12 Mar 2009 12:08:28 EDT."
<20090312120816.B668@egps.egps.com>
Date: Fri, 13 Mar 2009 09:26:33 +1100
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
In message <20090312120816.B668@egps.egps.com>, "N. Yaakov Ziskind" writes:
> JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
> > Ross wrote:
> >
> > There seems to be a big misconception that he asked them to "hand over"
> > the info. As I read the OP, he asked Comcast to do something about it
> > and Comcast said "we can't do anything about it because we don't have
> > logs". Here's a quote from the OP:

The real problem is that Covad claim (second hand) that they can't
identify the perpetrator(s).

    I've been nudging an operator at Covad about a handful of
    hosts from his DHCP pool that have been attacking -
    relentlessly port scanning - our assets. I've been informed
    by this individual that there's "no way" to determine which
    customer had that address at the times I list in my logs -
    even though these logs are sent within 48 hours of the
    incidents.

One shouldn't need to have to get the identities of the perpetrators
to get AUP enforced. Port scanning is against 99.9% of AUPs.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org