[128074] in North American Network Operators' Group


Re: IPv4 Exhaustion...

daemon@ATHENA.MIT.EDU (Owen DeLong)
Sat Jul 24 04:49:15 2010

From: Owen DeLong <owen@delong.com>
In-Reply-To: <op.vgbc00vftfhldh@rbeam.xactional.com>
Date: Sat, 24 Jul 2010 01:48:13 -0700
To: Ricky Beam <jfbeam@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Jul 23, 2010, at 1:40 PM, Ricky Beam wrote:

> On Fri, 23 Jul 2010 13:59:41 -0400, Steven Bellovin <smb@cs.columbia.edu> wrote:
>> Do the complaints you receive include port numbers?
>
> I've never seen one that did.  I've not even seen one with an exact timestamp.
>
> You would require the src and dst ip *and* port, plus the near exact timestamp of when the connection was opened and closed.  Even then, that's one needle in a huge pile of identical needles.  The netflow/sflow/etc. data needed to support such a lookup for a modern ISP network would be absolutely insane. (a decade ago for a small, regional ISP/telco, just prefix records were over 700MB per day -- back in the days of 2mb DSL, before bittorrent...)
>
> --Ricky

Rough translation: LSN + CALEA = Very Interesting Times for ISPs that deploy LSN and are subject to CALEA.

Owen
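
The lookup problem discussed in this thread, as an added example that is not part of the original messages: a sketch of matching an abuse complaint against an LSN translation log, showing how the candidate set shrinks only when the complaint carries the source port and a tight timestamp. The log layout, subscriber labels and the `candidates` function are assumptions made for illustration; all records are constructed.

```python
from datetime import datetime, timedelta

T0 = datetime(2010, 7, 23, 13, 0, 0)

def s(sec):
    """Constructed helper: a timestamp sec seconds after T0."""
    return T0 + timedelta(seconds=sec)

# Constructed LSN translation log (hypothetical layout):
# (subscriber, public_ip, public_port, dst_ip, dst_port, opened, closed)
NAT_LOG = [
    ("sub-A", "192.0.2.10", 40001, "198.51.100.5", 80, s(0), s(30)),
    ("sub-B", "192.0.2.10", 40002, "198.51.100.5", 80, s(5), s(12)),
    # Same public port as sub-A, reused after sub-A's session closed.
    ("sub-C", "192.0.2.10", 40001, "198.51.100.5", 80, s(45), s(90)),
    ("sub-D", "192.0.2.10", 40003, "203.0.113.9", 443, s(10), s(20)),
    ("sub-E", "192.0.2.11", 40001, "198.51.100.5", 80, s(0), s(60)),
]

def candidates(public_ip, when, skew, public_port=None,
               dst_ip=None, dst_port=None):
    """Subscribers whose translation is consistent with a complaint.

    when/skew model the complaint timestamp and its uncertainty;
    fields the complaint did not include are passed as None.
    """
    lo, hi = when - skew, when + skew
    found = set()
    for sub, pip, pport, dip, dport, opened, closed in NAT_LOG:
        if pip != public_ip:
            continue
        if opened > hi or closed < lo:   # session outside the time window
            continue
        if public_port is not None and pport != public_port:
            continue
        if dst_ip is not None and dip != dst_ip:
            continue
        if dst_port is not None and dport != dst_port:
            continue
        found.add(sub)
    return found

if __name__ == "__main__":
    vague = timedelta(minutes=5)
    print(candidates("192.0.2.10", s(10), vague))                     # IP only
    print(candidates("192.0.2.10", s(10), vague, public_port=40001))  # + port
    print(candidates("192.0.2.10", s(10), timedelta(seconds=2),
                     public_port=40001))                              # + tight time
```
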


