On Jul 23, 2010, at 1:40 PM, Ricky Beam wrote: > On Fri, 23 Jul 2010 13:59:41 -0400, Steven Bellovin <s...@cs.columbia.edu> > wrote: >> Do the complaints you receive include port numbers? > > I've never seen one that did. I've not even seen one with an exact timestamp. > > You would require the src and dst ip *and* port, plus the near exact > timestamp of when the connection was opened and closed. Even then, that's > one needle in a huge pile of identical needles. The netflow/sflow/etc. data > needed to support such a lookup for a modern ISP network would be absolutely > insane. (a decade ago for a small, regional ISP/telco, just prefix records > were over 700MB per day -- back in the days of 2mb DSL, before bittorrent...) > > --Ricky
Rough translation: LSN + CALEA = Very Interesting Times for ISPs that deploy LSN and are subject to CALEA. Owen
