Scanning the Internet for Vulnerabilities Re: 202207240927.AYC
Jay Hennigan
jay at west.net
Sun Jul 24 18:31:15 UTC 2022
On 7/24/22 07:20, Abraham Y. Chen wrote:
> Hi, John:
>
> 1) "... dynamically assigned IP address space can still be tracked back
> to a given system ... ": I fully agree with this statement. However,
> A. You overlooked the critical consideration of the response time.
> If this cannot be done in real time for law enforcement purposes, it is
> meaningless.
The same is true for statically assigned addresses, unless you're
proposing that ISPs be forced to preemptively divulge all customer data
to law enforcement and keep that data updated in real time. At least in
the US, this would almost certainly be ruled an unconstitutional search.
It also fails to address the CGNAT scenarios often required to provide
IPv4 Internet access at all.
> B. Also, the goal is to spot the specific perpetrator, not the
> "system" which is too general to be meaningful. In fact, this would
> penalize the innocent users who happen to be on the same implied "system".
"System" isn't implied. It would be the AS and assigned CIDR block from
the RIR.
> C. In addition, for your “whack-a-mole” metaphor, the party in
> charge is the mole, not the party with the mallet. It is a losing game
> for the mallet right from the beginning.
The party in charge (ISP) is the programmer of the game that also holds
the records of where the mole has been historically. With the proper
warrant, law enforcement can get those records. It matters not whether
the IP is static, dynamic, or part of a CGNAT pool.
> So, the current Internet practices put us way behind the starting
> line even before the game. Overall, this environment is favored by
> multi-national businesses with perpetrators riding along in the
> background. When security is breached, there are more than enough
> excuses to point the finger to.
Overall, this environment is favored by most users of the Internet that
don't want law enforcement to be handed yet another virtual wiretap by
their ISP. It's also required in many cases to provide IPv4 Internet
access at all, as there aren't enough static addresses to go around.
> No wonder the outcome has always been disappointing for the general public.
I disagree that the general public is disappointed. No one I know wants
yet more agencies tracking them on the Internet, particularly agencies
employing people with guns and the ability to throw them in jail.
--
Jay Hennigan - jay at west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV