question regarding US requirements for journaling public email (possible legislation?)

Valdis.Kletnieks at Valdis.Kletnieks at
Fri Jan 6 04:00:15 UTC 2012

On Fri, 06 Jan 2012 09:11:30 +0530, Suresh Ramasubramanian said:
> I would love to ask the EFF just what you do when you don't log stuff,
> and then need to troubleshoot someone causing a DDoS or something from
> your network in a hurry.

What John actually said:
> OSPs cannot be forced to provide data that does not exist. EFF suggests
> that OSPs draft an internal policy that states that they collect only
> limited information and do not retain any logs of user activity on their
> networks for more than a few weeks.

You need to track down a miscreant user *right now*? You got the last 48 hours
of logs right at hand.  It's been a week? Meh, if somebody's been getting hit by
a DDoS for a week and is just now calling you, the fact they have a DDoS is the
least of their problems. Toss the logs. :)

> Not that I'd get any sort of a useful answer from them, beyond random
> propaganda that spam filtering is evil, DPI is demoniacal etc etc.

Might want to go and actually read
before you say that. The PDF version runs to about 15 pages of detailed
and useful info for an OSP.;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list