nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: IPv4 Exhaustion...

From: Leo Vegoda <leo.vegoda () icann org>
Date: Fri, 23 Jul 2010 14:29:00 -0700
On 23 Jul 2010, at 1:40, Ricky Beam wrote:

[...]


Do the complaints you receive include port numbers?


I've never seen one that did.  I've not even seen one with an exact  
timestamp.

You would require the src and dst ip *and* port, plus the near exact  
timestamp of when the connection was opened and closed.  Even then, that's  
one needle in a huge pile of identical needles.  The netflow/sflow/etc.  
data needed to support such a lookup for a modern ISP network would be  
absolutely insane. (a decade ago for a small, regional ISP/telco, just  
prefix records were over 700MB per day -- back in the days of 2mb DSL,  
before bittorrent...)


Richard Clayton wrote some interesting articles on this earlier this year. There's a UK flavour to them but I expect 
the concepts are transferable. 

http://www.lightbluetouchpaper.org/2010/01/12/extending-the-requirements-for-traceability/
http://www.lightbluetouchpaper.org/2010/01/13/practical-mobile-internet-access-traceability/
http://www.lightbluetouchpaper.org/2010/01/14/mobile-internet-access-data-retention-not/

Regards,

Leo
Previous By Date Next
Previous By Thread Next

Current thread: