Dynamic IP log retention = 0?

JC Dill jcdill.lists at gmail.com
Thu Mar 12 11:02:25 CDT 2009


Ross wrote:
> I'll try to answer you in a more common sense approach as some have tried
> to do. First of all no network operator has to hand over their logs or
> user information over to you just because you want to know.

There seems to be a big misconception that he asked them to "hand over" 
the info.  As I read the OP, he asked Comcast to do something about it 
and Comcast said "we can't do anything about it because we don't have 
logs".  Here's a quote from the OP:

> I've been nudging an operator at Covad about a handful of hosts from 
> his DHCP pool that have been attacking - relentlessly port scanning - 
> our assets. I've been informed by this individual that there's "no 
> way" to determine which customer had that address at the times I list 
> in my logs - even though these logs are sent within 48 hours of the 
> incidents. 


IMHO, that's a bunch of BS from whoever he's talking with at Comcast.  
In the normal course of business they would have logs of which customer 
had that IP just 48 hours earlier.  They *can* do something about their 
customer.  And they *should* do something about their customer who is 
causing problems on another network, the same as if that customer was 
spewing spam, or actually attacking (DDoS etc.) another network.

So the question circles back around to how does the OP get Comcast to 
step up, internally identify and take care of their problem customer?  
What path should he take to get connected with someone who has more clue 
about this type of problem so that they can address it in a timely fashion?

Has it come to needing to get a lawyer to write a strongly worded letter 
just to get this type of thing done today?

jc





More information about the NANOG mailing list