smb at cs.columbia.edu
Fri Jul 23 12:59:41 CDT 2010
On Jul 23, 2010, at 1:36 18PM, khatfield at socllc.net wrote:
> From our past experience this can be accomplished without issue as long as you have good log records and tracking in place.
Do the complaints you receive include port numbers? Do you log the translation for every TCP connection and UDP exchange? I don't see how logs would work without that.
> Ensure you have long-term retention for the logs to cover yourself.
I'd consult a lawyer on that -- are you required to have such logs? Per the above, I'm not convinced that it's technically feasible to keep such logs for an operation of any size, nor do I think that most complaints have the right information (to wit, port numbers) to use them if they do exist.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
More information about the NANOG