[128054] in North American Network Operators' Group
Re: IPv4 Exhaustion...
daemon@ATHENA.MIT.EDU (Ricky Beam)
Fri Jul 23 16:40:14 2010
To: "Steven Bellovin" <smb@cs.columbia.edu>, khatfield@socllc.net
Date: Fri, 23 Jul 2010 16:40:02 -0400
From: "Ricky Beam" <jfbeam@gmail.com>
In-Reply-To: <06B8EDAF-BAA0-445D-BC50-2FAA10E3ECD3@cs.columbia.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, 23 Jul 2010 13:59:41 -0400, Steven Bellovin <smb@cs.columbia.edu>
wrote:
> Do the complaints you receive include port numbers?
I've never seen one that did. I've not even seen one with an exact
timestamp.
You would require the src and dst ip *and* port, plus the near exact
timestamp of when the connection was opened and closed. Even then, that's
one needle in a huge pile of identical needles. The netflow/sflow/etc.
data needed to support such a lookup for a modern ISP network would be
absolutely insane. (a decade ago for a small, regional ISP/telco, just
prefix records were over 700MB per day -- back in the days of 2mb DSL,
before bittorrent...)
--Ricky
