Dynamic IP log retention = 0?
Ross
ross at dillio.net
Thu Mar 12 23:54:33 UTC 2009
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would think
people have more pressing issues, guess not.
--
Ross
ross [at] dillio.net
>
> In message <20090312120816.B668 at egps.egps.com>, "N. Yaakov Ziskind"
> writes:
>> JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
>> > Ross wrote:
>> >
>> > There seems to be a big misconception that he asked them to "hand
>> over"
>> > the info. As I read the OP, he asked Covad to do something about it
>> > and Covad said "we can't do anything about it because we don't have
>> > logs". Here's a quote from the OP:
>
> The real problem is that Covad claim (second hand) that they can't
> identify the perpetrator(s).
>
> I've been nudging an operator at Covad about a handful of
> hosts from his DHCP pool that have been attacking -
> relentlessly port scanning - our assets. I've been informed
> by this individual that there's "no way" to determine which
> customer had that address at the times I list in my logs -
> even though these logs are sent within 48 hours of the
> incidents.
>
> One shouldn't need to have to get the indentities of the perpetrators
> to get AUP enforced. Port scanning is against 99.9% of AUP's.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
>
More information about the NANOG
mailing list