rmg at ranma.com
Tue Jul 9 21:27:03 UTC 1996
From: Michael Dillon <michael at memra.com>
> On Tue, 9 Jul 1996, Daniel W. McRobb wrote:
> > There will likely never be a means for a single NSP to track down the
> > real source of spoofed packets using IPv4. Service providers won't be
> > letting other service providers track spoofed packets through their
> > network.
> Why not? Don't telcos do this?
Yes, telcos do this, but they (used) to have the same problem we all
have in the ISP world, in that your average DMS-100 voice switch is
optimized for call processing, not for call-detail searches.
Your average call-detail search used to take 1-2 hours for a 5 minute
window. (I say "used to" as now the SS7 STP processors now do the
call-detail recording, and call lookups are a matter of keystrokes and
Router mfgrs are still in the stages of switching packets as fast as
they can, not detail management. And of course, nooone of us want to
drop our routers down to process switching to track packets.
> Or if your answer is that telcos only do it for the police and not for
> each other, then my question would be why can't we form an Internet
> equivalent, maybe affiliated with something like CERT, that can make these
> requests and with whom NSP's would cooperate.
Telco call-detail lookups for law enforcement constitute <-.01% of those
lookups (I did work at MCI's Western Region Net Mgt canter). All the
other lookups are for maint purposes (like finding marginal trunks,
tracking call patterns, making sure routing databases are working right,
It's obviously going to be different in our case.
More information about the NANOG