On Apr 25, 2018, at 2:49 PM, Povl H. Pedersen <[email protected]> wrote: > If we have performance issues, a drill down might be performed when the right > people are involved. And in a few cases we have located some low and slow > attacks and ended up blocking IPs. Usually 1 or 2. So it is crucial for > operations to pinpoint specific IPs for say a month.
Okay, but this won't work for the CGN case, so it's not relevant to the proposed work. > But an IP address is different. We can’t map it to a person. The legal system > can map it to a physical location unless that location has shared WiFi, VPN > or is a tor exit node. I have all 3. Unfortunately, although you are absolutely correct that it can't be mapped to a person, that is in fact how LEOs have historically tended to treat it. The person to whom it is mapped is presumed to be the subscriber. > We don’t send armed police in confiscating everything here in Denmark. Often > it is just a friendly knock on the door and a talk/confession. Here in the U.S. a criminal investigation of the sort you describe, where the victim is a network service provider, seems unlikely, although perhaps in some jurisdictions they are catching up. A typical consumer of this data would be a DMCA complainant or a police officer investigating some non-computer-fraud case that happens to involve some visible online activity that, if traced, might lead in the direction of a suspect.
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
