Right, in most circumstances you're not required to keep logs. But there
are some cases, albeit a fairly narrow subset, in which you'd want to have
log files that are available to you but not an adversary using legal process.
-Declan

At 01:15 AM 4/29/01 -0400, Phillip H. Zakas wrote:
>there is no requirement for maintaining log files (unless specifically
>directed otherwise.) log files contain either marketing value or sysadmin
>value -- in both cases specific ip addr info isn't necessary to maintain
>that value (except in case of anomalous activity). one could collect info
>without identifying information.
>
>same principle applies to e-mail. once mail is deleted from a pop or imap or
>whatever server, there is no requirement to keep the backup tapes of e-mail.
>in fact the larger isps no longer keep deleted e-mail...they maintain only
>e-mail headers for up to six months. smaller isps should follow in these
>steps (though i'd argue you shouldn't even keep header info.)
>
>don't save it if you don't really truly need it.
>
>phillip
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Declan McCullagh
> > Sent: Saturday, April 28, 2001 11:46 PM
> > To: Anonymous
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: layered deception
> >
> >
> >
> > I rather like the idea of encrypting the logs on the fly and shipping them
> > offshore. Your offshore partner will be instructed to turn over the
> > logs only if you are not asking for them under duress. (A reasonable
> > protocol can probably be worked out. Would a court order instruct you
> > to lie? If so, would it be valid?)
> >
> > -Declan
> >
> >
> > On Sat, Apr 28, 2001 at 03:45:38PM -0600, Anonymous wrote:
> > > In view of the recent "gimme-the-logs-or-we-fuck-you" activities
> > > of armed men
> > > (http://www.indymedia.org/front.php3?article_id=36912&group=webcast ,
> > > http://seattle.indymedia.org/display.php3?article_id=3013 )
> > > what would be the legal consequence of the following:
> > >
> > > 1. A virus is designed that spreads itself in some standard way and that
> > > deletes log files of popular http server implementations.
> > >
> > > 2. Files are deleted when virus receives a packet on a known port.
> > >
> > > 3. Detection of virus requires more than average admin can do.
> > >
> > > So when logs are requested an outside "3rd" party can maliciously
> > > remove logs. The first several ISPs to contract this virus will
> > > probably get fucked, but by then it should become obvious that the
> > > ISP cannot effectively control the virus.
> >
> >
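
Phillip's point in the thread above (logs keep their sysadmin and marketing value without specific IP address info, except for anomalous activity) can be made concrete with a scrubber that runs before anything is written to disk. This is an added example, not code from any poster in the thread; it assumes Common Log Format, and the function names, the per-day in-memory key and the threshold of 3 are illustrative choices.

```python
import hashlib, hmac, re, secrets
from collections import Counter

# Common Log Format: client address, ident, authuser, then the rest of the line.
CLF = re.compile(r'^(\S+) \S+ \S+ (\[.*)$')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - alice [28/Apr/2001:23:46:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '198.51.100.7 - - [28/Apr/2001:23:46:02 -0400] "GET /cgi-bin/a HTTP/1.0" 404 210',
    '198.51.100.7 - - [28/Apr/2001:23:46:02 -0400] "GET /cgi-bin/b HTTP/1.0" 404 210',
    '198.51.100.7 - - [28/Apr/2001:23:46:03 -0400] "GET /cgi-bin/c HTTP/1.0" 404 210',
    '192.0.2.10 - alice [28/Apr/2001:23:50:12 -0400] "GET /about.html HTTP/1.0" 200 512',
]

def pseudonym(addr, day_key):
    # Keyed hash: a bare SHA-256 of an IPv4 address can be reversed by trying
    # all 2**32 inputs; with HMAC that needs the key, which is discarded daily.
    return "c-" + hmac.new(day_key, addr.encode(), hashlib.sha256).hexdigest()[:12]

def scrub(lines, day_key, threshold=3):
    """Return (lines safe to store, {raw address: hits} for anomalous sources)."""
    hits, stored = Counter(), []
    for line in lines:
        m = CLF.match(line)
        if m is None:
            continue  # never store a line we could not scrub
        addr, rest = m.groups()
        hits[addr] += 1
        # ident and authuser are blanked too; they identify as well as the address
        stored.append(f"{pseudonym(addr, day_key)} - - {rest}")
    # Assumed policy: only sources at or above the threshold keep a raw address.
    return stored, {a: n for a, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # held in memory only, replaced each day
    stored, flagged = scrub(SAMPLE, key)
    print("\n".join(stored))
    print("kept for review:", flagged)
```

Within one day the pseudonyms still support per-visitor counts and session reconstruction; once the key is replaced, the stored lines can no longer be tied to an address by anyone, the operator included.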