Dynamic IP log retention = 0?

Ross ross at dillio.net
Thu Mar 12 18:54:33 CDT 2009


Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would think
people have more pressing issues, guess not.

-- 
Ross
ross [at] dillio.net

>
> In message <20090312120816.B668 at egps.egps.com>, "N. Yaakov Ziskind"
> writes:
>> JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
>> > Ross wrote:
>> >
>> > There seems to be a big misconception that he asked them to "hand
>> over"
>> > the info.  As I read the OP, he asked Covad to do something about it
>> > and Covad said "we can't do anything about it because we don't have
>> > logs".  Here's a quote from the OP:
>
> The real problem is that Covad claim (second hand) that they can't
> identify the perpetrator(s).
>
> 	I've been nudging an operator at Covad about a handful of
> 	hosts from his DHCP pool that have been attacking -
> 	relentlessly port scanning - our assets.  I've been informed
> 	by this individual that there's "no way" to determine which
> 	customer had that address at the times I list in my logs -
> 	even though these logs are sent within 48 hours of the
> 	incidents.
>
> One shouldn't need to have to get the indentities of the perpetrators
> to get AUP enforced.  Port scanning is against 99.9% of AUP's.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
>
>






More information about the NANOG mailing list