What do you think about communications data collection and storage?

Ian Batten ukcrypto at chiark.greenend.org.uk
Mon, 4 May 2009 17:32:48 +0100


On 4 May 2009, at 10:02, Fearghas McKay wrote:

>
> On 3 May 2009, at 22:47, Roland Perry wrote:
>
>> This all seems to be "fighting the last war but two". I thought you  
>> were talking about clock drift in milliseconds, not minutes. And  
>> who accesses the Internet by dynamic-IP dialup any more?
>
> Mobile 3G/GPRS users do.

More complex in that case, because it's NAT'd as well.  Are there any  
3G operators whose commodity products don't issue RFC1918 IP  
numbers?  I happened to have cause last year to look at the IP  
number allocation by Vodafone, and I was able to open up my private  
server to my Vodafone GPRS data phone with a /30.

So if you are monitoring a server on the real Internet, and a punter  
arrives with an IP number which maps back to the NAT pool of a molo,  
you don't just need access to their DHCP/Radius logs, you also need  
access to the NAT translations in progress that minute and,  
interestingly, if all you have is the Apache (or whatever) logs from  
the server, you are missing the source port which is the actual  
discriminator you want.

ian
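
An added example, not part of the original post: a Python sketch of the correlation described above, run over a constructed NAT translation log (the record layout, addresses and ports are assumptions; 192.0.2.0/24 is documentation address space). It shows that a server log without the source port leaves several subscribers as candidates, and goes one step further to show how clock skew between the two logs brings the ambiguity back once ports are reused.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Translation(NamedTuple):
    start: datetime
    end: datetime
    private_ip: str   # RFC 1918 address given to the handset
    public_ip: str    # address from the operator's NAT pool
    public_port: int  # source port as seen by the server

def t(hms):
    """Timestamp on the (constructed) day of the sample logs."""
    return datetime.strptime("2009-05-04 " + hms, "%Y-%m-%d %H:%M:%S")

# Constructed sample data: layout, addresses and ports are assumptions.
NAT_LOG = [
    Translation(t("17:30:02"), t("17:30:40"), "10.20.0.5",  "192.0.2.10", 40001),
    Translation(t("17:30:10"), t("17:31:05"), "10.20.3.77", "192.0.2.10", 40002),
    Translation(t("17:30:30"), t("17:30:55"), "10.21.9.14", "192.0.2.10", 40003),
    Translation(t("17:30:58"), t("17:31:30"), "10.22.1.8",  "192.0.2.10", 40001),  # port reused
    Translation(t("17:30:12"), t("17:30:50"), "10.20.0.5",  "192.0.2.11", 40002),
]

def candidates(nat_log, public_ip, seen_at, src_port=None, skew_s=0):
    """Private addresses that could be behind one hit in the server log.

    src_port=None models a log with no source port; skew_s is the assumed
    clock error, in seconds, between the server and the NAT device.
    """
    skew = timedelta(seconds=skew_s)
    hits = set()
    for tr in nat_log:
        if tr.public_ip != public_ip:
            continue
        if src_port is not None and tr.public_port != src_port:
            continue
        if tr.start - skew <= seen_at <= tr.end + skew:
            hits.add(tr.private_ip)
    return sorted(hits)

if __name__ == "__main__":
    ip = "192.0.2.10"
    print("address only:     ", candidates(NAT_LOG, ip, t("17:30:35")))
    print("address + port:   ", candidates(NAT_LOG, ip, t("17:30:35"), 40002))
    print("port, 10 s skew:  ", candidates(NAT_LOG, ip, t("17:30:50"), 40001, 10))
```

On the server side, Apache's mod_log_config can record the client's source port with `%{remote}p` in the LogFormat.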