Fwd: 23,000 IP addresses

Luis Marta luis.marta at gmail.com
Tue May 10 14:53:34 UTC 2011

 On Tue, May 10, 2011 at 3:38 PM, Michael Holstein <
michael.holstein at csuohio.edu> wrote:

> >
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
> >
> The dates in the timestamps are back in February. We deleted those logs
> "..in the regular course of business.."
> If you didn't do that, you really ought to ask yourself why.
> Regards,
> Michael Holstein
> Information Security Administrator
> Cleveland State University

In the EU you have Directive 2006/24/EC:

Article 6 - Periods of retention
Member States shall ensure that the categories of data specified in Article
5 are retained for periods of not less than six months and not more than two
years from the date of the communication.

Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;

Each member state creates its own law, according to the directive. In
Portugal, you have to retain the data for one year.

Best Regards,
Luís Marta.

More information about the NANOG mailing list