Dynamic IP log retention = 0?

JC Dill jcdill.lists at gmail.com
Thu Mar 12 16:02:25 UTC 2009


Ross wrote:
> I'll try to answer you in a more common sense approach as some have tried
> to do. First of all, no network operator has to hand their logs or
> user information over to you just because you want to know.

There seems to be a big misconception that he asked them to "hand over" 
the info.  As I read the OP, he asked Comcast to do something about it 
and Comcast said "we can't do anything about it because we don't have 
logs".  Here's a quote from the OP:

> I've been nudging an operator at Covad about a handful of hosts from 
> his DHCP pool that have been attacking - relentlessly port scanning - 
> our assets. I've been informed by this individual that there's "no 
> way" to determine which customer had that address at the times I list 
> in my logs - even though these logs are sent within 48 hours of the 
> incidents. 


IMHO, that's a bunch of BS from whoever he's talking with at Comcast.  
In the normal course of business they would have logs of which customer 
had that IP just 48 hours earlier.  They *can* do something about their 
customer.  And they *should* do something about their customer who is 
causing problems on another network, the same as if that customer was 
spewing spam, or actually attacking (DDoS etc.) another network.

So the question circles back around to how does the OP get Comcast to 
step up, internally identify and take care of their problem customer?  
What path should he take to get connected with someone who has more clue 
about this type of problem so that they can address it in a timely fashion?

Has it come to needing to get a lawyer to write a strongly worded letter 
just to get this type of thing done today?

jc




