Fwd: 23,000 IP addresses

Luis Marta luis.marta at gmail.com
Tue May 10 09:53:34 CDT 2011


 On Tue, May 10, 2011 at 3:38 PM, Michael Holstein <
michael.holstein at csuohio.edu> wrote:

>
> >
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
> >
>
> The dates in the timestamps are back in February. We deleted those logs
> "..in the regular course of business.."
> a LONG TIME AGO.
>
> If you didn't do that, you really ought to ask yourself why.
>
> Regards,
>
> Michael Holstein
> Information Security Administrator
> Cleveland State University
>


In the EU you have Directive 2006/24/EC:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF

Article 6 - Periods of retention
Member States shall ensure that the categories of data specified in Article
5 are retained for periods of not less than six months and not more than two
years from the date of the communication.

Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;


Each member state creates its own law, according to the directive. In
Portugal, you have to retain the data for one year.

Best Regards,
Luís Marta.



More information about the NANOG mailing list