IPv4 Exhaustion...

• Previous message (by thread): IPv4 Exhaustion...
• Next message (by thread): IPv4 Exhaustion...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 23 Jul 2010 13:59:41 -0400, Steven Bellovin <smb at cs.columbia.edu>  
wrote:
> Do the complaints you receive include port numbers?

I've never seen one that did.  I've not even seen one with an exact  
timestamp.

You would require the src and dst ip *and* port, plus the near exact  
timestamp of when the connection was opened and closed.  Even then, that's  
one needle in a huge pile of identical needles.  The netflow/sflow/etc.  
data needed to support such a lookup for a modern ISP network would be  
absolutely insane. (a decade ago for a small, regional ISP/telco, just  
prefix records were over 700MB per day -- back in the days of 2mb DSL,  
before bittorrent...)

--Ricky

• Previous message (by thread): IPv4 Exhaustion...
• Next message (by thread): IPv4 Exhaustion...
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]