Scanning the Internet for Vulnerabilities Re: 202207240927.AYC

Jay Hennigan jay at
Sun Jul 24 18:31:15 UTC 2022

On 7/24/22 07:20, Abraham Y. Chen wrote:
> Hi, John:
> 1) "...  dynamically assigned IP address space can still be tracked back 
> to a given system ... ": I fully agree with this statement. However,
>     A. You overlooked the critical consideration of the response time. 
> If this can not be done in real time for law enforcement purposes, it is 
> meaningless.

The same is true for statically assigned addresses, unless you're 
proposing that ISPs be forced to preemptively divulge all customer data 
to law enforcement and keep that data updated in real time. At least in 
the US, this would almost certainly be ruled an unconstitutional search.

It also fails to address the CGNAT scenarios often required to provide 
IPv4 Internet access at all.

>     B. Also, the goal is to spot the specific perpetrator, not the 
> "system" which is too general to be meaningful. In fact, this would 
> penalize the innocent users who happen to be on the same implied "system".

"System" isn't implied. It would be the AS and assigned CIDR block from 
the RIR.

>     C. In addition, for your “whack-a-mole” metaphor, the party in 
> charge is the mole, not the party with the mallet. It is a losing game 
> for the mallet right from the beginning.

The party in charge (ISP) is the programmer of the game that also holds 
the records of where the mole has been historically. With the proper 
warrant, law enforcement can get those records. It matters not whether 
the IP is static, dynamic, or part of a CGNAT pool.

>     So, the current Internet practices put us way behind the starting 
> line even before the game. Overall, this environment is favored by 
> multi-national businesses with perpetrators riding along in the 
> background. When security is breached, there are more than enough 
> excuses to point the finger to.

Overall, this environment is favored by most users of the Internet that 
don't want law enforcement to be handed yet another virtual wiretap by 
their ISP. It's also required in many cases to provide IPv4 Internet 
access at all, as there aren't enough static addresses to go around.

> No wonder the outcome has always been disappointing for the general public.

I disagree that the general public is disappointed. No one I know wants 
yet more agencies tracking them on the Internet, particularly agencies 
employing people with guns and the ability to throw them in jail.

Jay Hennigan - jay at
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
