httpd-dev mailing list archives

From Stefan Fritsch
Subject Re: Logging of source port in addition to source IP address
Date Tue, 30 Aug 2011 18:57:59 GMT

On Tuesday 30 August 2011, Jan Zorz wrote:
> My name is Jan Zorz and I'm actively involved in discussion or
> development of many IPv4 to IPv6 transition mechanisms procedures
> at IETF.
> I'm also co-author of RFC6346, called A+P (Address + port), where
> we are trying to solve IPv4 exhaustion by sharing the public
> IPv4 address between many users, just giving them different
> sets of ports.
> This was developed as a response to CGN (Carrier Grade NAT), which was
> the only solution for carriers - putting one big NAT in the core
> and locking users in a walled garden, giving them private IP addresses
> to the WAN port of the CPE.
> A+P or CGN seems inevitable, and here comes the issue that we
> created - a source IP no longer belongs to a uniquely identifiable
> user. Currently, if a bad guy hacks a web server, the log file shows
> the IP of the attacker and a timestamp, and that is legally enough to
> find the attacker.
> With CGN or A+P in place, source IP and timestamp alone are not
> enough anymore, as at that moment many users used the same IP
> address. CGNs and A+P core devices can log the port provisioning,
> but that does not help if the attacked site has no info in its logs
> about the source IP *and* source port that was used to communicate.
> Is it easily possible to add one small feature to the logging module
> of the Apache server that would also log the source port in addition
> to IP and timestamp?

This should already work with the %{remote}p log format, see

Have you tried that?
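
The following is an added example, not part of the original message or of httpd itself: it parses access-log lines that include the `%{remote}p` source port and shows how the port narrows a shared address down to one subscriber. The `LogFormat` line, the sample log lines and the carrier-side allocation records (including their layout) are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Assumed directive behind the sample lines (%{remote}p = client source port):
#   LogFormat "%h %{remote}p %t \"%r\" %>s" withport
LINE = re.compile(r'^(\S+) (\d+) \[([^\]]+)\] "([^"]*)" (\d{3})$')

# Constructed access-log lines; 192.0.2.10 is a shared public address.
ACCESS_LOG = """\
192.0.2.10 1500 [30/Aug/2011:18:40:02 +0000] "GET /index.html HTTP/1.1" 200
192.0.2.10 5120 [30/Aug/2011:18:40:02 +0000] "POST /login HTTP/1.1" 401
192.0.2.10 5120 [30/Aug/2011:19:30:00 +0000] "GET / HTTP/1.1" 200
not a log line
"""

def _utc(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

# Constructed carrier-side records (hypothetical layout):
# (public_ip, first_port, last_port, valid_from, valid_until, subscriber)
ALLOCATIONS = [
    ("192.0.2.10", 1024, 4095, _utc("2011-08-30 18:00"), _utc("2011-08-30 20:00"), "subscriber-A"),
    ("192.0.2.10", 4096, 8191, _utc("2011-08-30 18:00"), _utc("2011-08-30 19:00"), "subscriber-B"),
    ("192.0.2.10", 4096, 8191, _utc("2011-08-30 19:00"), _utc("2011-08-30 20:00"), "subscriber-C"),
]

def parse_line(line):
    """Return (ip, port, timestamp) or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), int(m.group(2)), ts

def candidates(ip, ts, port=None, allocations=ALLOCATIONS):
    """Subscribers holding `ip` at `ts`; narrowed to one port range if `port` is known."""
    return sorted(sub for a_ip, lo, hi, start, end, sub in allocations
                  if a_ip == ip and start <= ts < end
                  and (port is None or lo <= port <= hi))

def attribute_log(text):
    """Map each parseable line to (port, candidates by IP only, candidates by IP and port)."""
    out = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, port, ts = parsed
            out.append((port, candidates(ip, ts), candidates(ip, ts, port)))
    return out
```

The second and third sample lines share the same address and port but resolve to different subscribers, so the timestamp has to be logged accurately alongside the port.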

