Educause Security Discussion mailing list archives
"many to one NAT" or PAT and RIAA
From: John LaPrad <jrl () SVSU EDU>
Date: Tue, 2 Sep 2008 13:17:45 -0400
We have put in place a system to load balance our ISP connections. It uses a dynamic "many to one NAT" to do this. It's very effective at load balancing, but I am having a hard time getting enough log information to uniquely identify internal users. There are typically thousands of users on a given IP address at one time, and to make it worse a single user's Internet session may bounce between three different ISP connections.

I can, and do, keep NetFlow data, so I can look up an internal IP and see their Internet traffic. But if I get a communication saying that such an IP at such a time did something wrong, I have no idea who that was. If they give me a destination address, sometimes I can find one user that was there at that time, but sometimes there are more than one, and because of the PAT, I do not know which one they are referring to.

What I am wondering is, regarding the RIAA and perhaps homeland security, what are our obligations as far as logging our users' Internet activity? Do we have to be able to unambiguously connect an inside user to an outside IP? Are the NetFlow logs (showing the inside address--but not the public address which would be logged at the other site) sufficient for this?

______________________________________________________________________
John LaPrad CISSP, CNE, CCNA, CCDA
Manager of Network Services
Saginaw Valley State University
Phone: 989-964-7134
Fax: 989-964-7446
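The attribution problem described in the post, worked through as an added example (this is not code from the original message or from SVSU). All flow and translation records below are constructed. The first function does what the post does today: search NetFlow records, which carry only the inside address, by destination and time, and it returns every inside host that matches, so two students talking to the same tracker at the same minute stay ambiguous. The second function assumes a separate PAT translation log that also records the public source port; the post's setup has no such log, so that part is hypothetical and shows what would be needed for a unique match. A 60-second slack is applied because the complainant's clock and the collector's clock rarely agree.

```python
"""Correlating an abuse report with NetFlow and (hypothetical) PAT translation logs.

Added example, not from the original post. All records are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set


@dataclass(frozen=True)
class Flow:
    """NetFlow-style record as the post describes it: inside address only."""
    start: datetime
    end: datetime
    inside: str
    dst: str
    dport: int


@dataclass(frozen=True)
class NatRecord:
    """Hypothetical PAT translation-log entry; the post's gateway does not keep this."""
    start: datetime
    end: datetime
    inside: str
    inside_port: int
    public_ip: str
    public_port: int


def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def active_at(start: datetime, end: datetime, t: datetime, slack: timedelta) -> bool:
    """True if [start, end], widened by slack on both sides, covers t."""
    return start - slack <= t <= end + slack


# Constructed sample data. 198.51.100.7:6881 stands in for the site named in a complaint.
FLOWS: List[Flow] = [
    Flow(ts("2008-09-02 13:00:00"), ts("2008-09-02 13:10:00"), "10.1.2.3", "198.51.100.7", 6881),
    Flow(ts("2008-09-02 13:03:00"), ts("2008-09-02 13:07:00"), "10.1.2.4", "198.51.100.7", 6881),
    Flow(ts("2008-09-02 13:20:00"), ts("2008-09-02 13:25:00"), "10.1.2.5", "198.51.100.7", 6881),
    Flow(ts("2008-09-02 13:04:00"), ts("2008-09-02 13:06:00"), "10.1.2.6", "192.0.2.9", 80),
]

# Hypothetical translation log. 10.1.2.4 appears twice because its session bounced
# between two ISP addresses, as the post describes; 10.1.2.5 reuses public port 40001
# later in the day, which is why the time window matters as much as the port.
NAT_LOG: List[NatRecord] = [
    NatRecord(ts("2008-09-02 13:00:00"), ts("2008-09-02 13:10:00"), "10.1.2.3", 50000, "203.0.113.10", 40001),
    NatRecord(ts("2008-09-02 13:03:00"), ts("2008-09-02 13:07:00"), "10.1.2.4", 50001, "203.0.113.10", 40003),
    NatRecord(ts("2008-09-02 13:04:00"), ts("2008-09-02 13:06:00"), "10.1.2.4", 50002, "203.0.113.11", 40002),
    NatRecord(ts("2008-09-02 13:20:00"), ts("2008-09-02 13:25:00"), "10.1.2.5", 50003, "203.0.113.10", 40001),
]

# Time stated in the constructed complaint.
REPORT_TIME = ts("2008-09-02 13:05:00")
SLACK = timedelta(seconds=60)


def candidates_from_netflow(flows: List[Flow], dst: str, t: datetime,
                            slack: timedelta = SLACK) -> Set[str]:
    """Inside hosts with a flow to dst active at t. More than one result means the
    complaint cannot be attributed from NetFlow alone."""
    return {f.inside for f in flows if f.dst == dst and active_at(f.start, f.end, t, slack)}


def resolve_from_nat_log(nat_log: List[NatRecord], public_ip: str, t: datetime,
                         public_port: Optional[int] = None,
                         slack: timedelta = SLACK) -> Set[str]:
    """Inside hosts mapped to public_ip (and public_port, if the complaint gives one) at t.
    Without the port, a PAT address at a given minute still maps to many hosts."""
    return {
        r.inside for r in nat_log
        if r.public_ip == public_ip
        and (public_port is None or r.public_port == public_port)
        and active_at(r.start, r.end, t, slack)
    }


if __name__ == "__main__":
    print("NetFlow by destination:", candidates_from_netflow(FLOWS, "198.51.100.7", REPORT_TIME))
    print("NAT log by public IP:  ", resolve_from_nat_log(NAT_LOG, "203.0.113.10", REPORT_TIME))
    print("NAT log by IP and port:", resolve_from_nat_log(NAT_LOG, "203.0.113.10", REPORT_TIME, 40001))
```

Running it shows the three outcomes in order: the NetFlow search returns two candidates, the translation log queried by public address alone also returns two, and only public address plus public source port plus time narrows it to one host. Whether a complainant ever supplies the source port is a separate question, but without a translation log that records it, no amount of NetFlow retention can resolve the case the post describes.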
Current thread:
- "many to one NAT" or PAT and RIAA John LaPrad (Sep 02)
- Re: "many to one NAT" or PAT and RIAA Schoenefeld, Keith (Sep 02)