[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dynamic IP log retention = 0?

Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would think
people have more pressing issues, guess not.

ross [at] dillio.net

> In message <20090312120816.B668 at egps.egps.com>, "N. Yaakov Ziskind"
> writes:
>> JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
>> > Ross wrote:
>> >
>> > There seems to be a big misconception that he asked them to "hand
>> over"
>> > the info.  As I read the OP, he asked Covad to do something about it
>> > and Covad said "we can't do anything about it because we don't have
>> > logs".  Here's a quote from the OP:
> The real problem is that Covad claim (second hand) that they can't
> identify the perpetrator(s).
> 	I've been nudging an operator at Covad about a handful of
> 	hosts from his DHCP pool that have been attacking -
> 	relentlessly port scanning - our assets.  I've been informed
> 	by this individual that there's "no way" to determine which
> 	customer had that address at the times I list in my logs -
> 	even though these logs are sent within 48 hours of the
> 	incidents.
> One shouldn't need to have to get the indentities of the perpetrators
> to get AUP enforced.  Port scanning is against 99.9% of AUP's.
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org