IPv4 Exhaustion...
Ricky Beam
jfbeam at gmail.com
Fri Jul 23 20:40:02 UTC 2010
On Fri, 23 Jul 2010 13:59:41 -0400, Steven Bellovin <smb at cs.columbia.edu>
wrote:
> Do the complaints you receive include port numbers?
I've never seen one that did. I've not even seen one with an exact
timestamp.
You would require the src and dst ip *and* port, plus the near exact
timestamp of when the connection was opened and closed. Even then, that's
one needle in a huge pile of identical needles. The netflow/sflow/etc.
data needed to support such a lookup for a modern ISP network would be
absolutely insane. (a decade ago for a small, regional ISP/telco, just
prefix records were over 700MB per day -- back in the days of 2mb DSL,
before bittorrent...)
--Ricky
More information about the NANOG
mailing list