[sorry for a bit long email] Fellow Apache devs,
My name is Jan Zorz and I'm actively involved in discussion or development of many IPv4 to IPv6 transition mechanisms procedures at IETF.
I'm also co-author of RFC6346, called A+P (Address + port), where we are trying to solve the IPv4 exhaustion with sharing the public IPv4 address between many users with just giving them different sets of ports.
This was developed as response to CGN (Carrier Grade Nat), that was the only solution for carriers - putting one big NAT in the core and lock users in walled garden, giving them private IP addresses to WAN port of CPE.
A+P or CGN seems inevitable and here goes the issue, that we created - source IP does not belong to unique identifiable user anymore. Currently if bad guy hacks a web server a log file shows the IP of attacker and timestamp and that is legally enough to find the attacker.
With CGN or A+P in place, only source IP and timestamp is not enough anymore, as at that moment many users used the same IP address. CGNs and A+P core devices can log the port provisioning, but that does not help, if attacked site has no info in logs about source IP *and* source port, that was used to communicate.
Is it easily possible to add one small feature to logging module of apache server, that would log also source port in addition to IP and timestamp?
We are going to throw this issue at regulators accociations and also some governments in order to change the law to include source port as mandatory, when initiating the investigation and web server log file would be perfect place to log that.
Any thoughts? Cheers and thnx, Jan Zorz Go6 Slovenia P.S: Guys, thnx for Apache server, loving and using it since 1996 :)
