[148230] in North American Network Operators' Group
Re: question regarding US requirements for journaling public email
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Jan 5 23:01:41 2012
To: Suresh Ramasubramanian <ops.lists@gmail.com>
In-Reply-To: Your message of "Fri, 06 Jan 2012 09:11:30 +0530."
<CAArzuotp+zq-dJHMpcvMgqu67uSMzuygb2rfie7cO4xgwMk9TA@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 05 Jan 2012 23:00:15 -0500
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1325822415_3358P
Content-Type: text/plain; charset=us-ascii
On Fri, 06 Jan 2012 09:11:30 +0530, Suresh Ramasubramanian said:
> I would love to ask the EFF just what you do when you don't log stuff,
> and then need to troubleshoot someone causing a DDoS or something from
> your network in a hurry.
What John actually said:
> OSPs cannot be forced to provide data that does not exist. EFF suggests
> that OSPs draft an internal policy that states that they collect only
> limited information and do not retain any logs of user activity on their
> networks for more than a few weeks.
You need to track down a miscreant user *right now*? You got the last 48 hours
of logs right at hand. It's been a week? Meh, if somebody's been getting hit by
a DDoS for a week and is just now calling you, the fact they have a DDoS is the
least of their problems. Toss the logs. :)
> Not that I'd get any sort of a useful answer from them, beyond random
> propaganda that spam filtering is evil, DPI is demoniacal etc etc.
Might want to go and actually read https://www.eff.org/wp/osp
before you say that. The PDF version runs to about 15 pages of detailed
and useful info for an OSP.;
--==_Exmh_1325822415_3358P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFPBnHPcC3lWbTT17ARAqLPAKCzXrvqEP719kLnXntUIxmJjrs1aACglNTT
tjR5vVDzwrwVN3C700uxiiQ=
=HvnE
-----END PGP SIGNATURE-----
--==_Exmh_1325822415_3358P--
