On Fri, 06 Jan 2012 09:11:30 +0530, Suresh Ramasubramanian said: > I would love to ask the EFF just what you do when you don't log stuff, > and then need to troubleshoot someone causing a DDoS or something from > your network in a hurry.
What John actually said: > OSPs cannot be forced to provide data that does not exist. EFF suggests > that OSPs draft an internal policy that states that they collect only > limited information and do not retain any logs of user activity on their > networks for more than a few weeks. You need to track down a miscreant user *right now*? You got the last 48 hours of logs right at hand. It's been a week? Meh, if somebody's been getting hit by a DDoS for a week and is just now calling you, the fact they have a DDoS is the least of their problems. Toss the logs. :) > Not that I'd get any sort of a useful answer from them, beyond random > propaganda that spam filtering is evil, DPI is demoniacal etc etc. Might want to go and actually read https://www.eff.org/wp/osp before you say that. The PDF version runs to about 15 pages of detailed and useful info for an OSP.;
pgptjoR0n6HGp.pgp
Description: PGP signature