Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: A Clear Case for ISP Regulation: IP Address Logging

From: David Farber <dave () farber net>
Date: Wed, 3 Jun 2009 22:44:24 -0400


Begin forwarded message:

From: Michael Sinatra <michael () rancid berkeley edu>
Date: June 3, 2009 1:05:23 PM EDT
To: dave () farber net
Subject: Re: [IP] A Clear Case for ISP Regulation: IP Address Logging

On 06/03/09 02:12, David Farber wrote:

          A Clear Case for ISP Regulation: IP Address Logging
               http://lauren.vortex.com/archive/000577.html
Greetings.  Over on the Network Neutrality Squad
( http://www.nnsquad.org ) yesterday, I noted, without comment, the
following quote from the new Time Warner Cable privacy policy bill
insert:
 "Operator's system, in delivering and routing the ISP Services, and
  the systems of Operator's Affiliated ISPs, may automatically log
  information concerning Internet addresses you contact, and the
  duration of your visits to such addresses."
Once again, this sounds like simple netflow retention. I don't know of any ISP that *doesn't* do this, because it's impossible to run an ISP, or even an enterprise, without it. It would be like trying to negotiate an electric bill with the power company in the absence of an electric meter. If I may suggest a more benign use of this data, it is usually for capacity planning (predicting which peering points might become congested), billing of per-usage customers, identifying opportunities for new peering, keeping transit costs under control, and ensuring that settlement-free peering agreements are met. (Many of these agreements have explicit requirements for flow data.) For an enterprise, it helps you control how much money you pay to those ISPs by identifying hosts that may be unwittingly consuming bandwidth-- before a nasty surprise at the end of the month.
In many cases, the ISP *can* anonymize the data down to the /24 or similar level, but that precludes other uses of flow data: finding hosts that are misconfigured or compromised, or running as open proxies or open mail relays. (It also may be necessary to confirm such activity if notified by others, including law enforcement. There have been cases of "your host has been attacking me!!" reports where netflow helped explain what was really happening.)
I'd suggest that it's actually a better idea to regulate the anti- competitive practices that Lauren identified as *potential* uses of flow data. Given the legitimate uses of the data, banning it outright would cause major problems not just for ISPs, but for a lot of their paying customers. 

Michael Sinatra




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: