httpd-dev mailing list archives

From "Jan Zorz @ go6.si" <...@go6.si>
Subject Logging of source port in addition to source IP address
Date Tue, 30 Aug 2011 18:34:49 GMT
[sorry for a bit long email]

Fellow Apache devs,

My name is Jan Zorz and I'm actively involved in the discussion or 
development of many IPv4-to-IPv6 transition mechanisms and procedures at the IETF.

I'm also a co-author of RFC 6346, called A+P (Address + Port), where we are 
trying to solve IPv4 exhaustion by sharing a public IPv4 address 
between many users, giving each of them a different set of ports.

This was developed as a response to CGN (Carrier Grade NAT), which was the 
only solution for carriers: putting one big NAT in the core and locking 
users in a walled garden, giving them private IP addresses on the WAN port of 
the CPE.

A+P or CGN seems inevitable, and here is the issue that we created: the 
source IP no longer belongs to a uniquely identifiable user. Currently, 
if a bad guy hacks a web server, the log file shows the IP of the attacker and 
a timestamp, and that is legally enough to find the attacker.

With CGN or A+P in place, only the source IP and a timestamp is not enough 
anymore, as at that moment many users used the same IP address. CGNs and 
A+P core devices can log the port provisioning, but that does not help 
if the attacked site has no info in its logs about the source IP *and* the source port 
that was used to communicate.

Is it easily possible to add one small feature to the logging module of the 
Apache server, so that it would also log the source port in addition to the IP and 
timestamp?

We are going to throw this issue at regulator associations and also 
some governments in order to change the law to include the source port as 
mandatory when initiating an investigation, and the web server log file 
would be the perfect place to log that.

Any thoughts?

Cheers and thnx, Jan Zorz
Go6 Slovenia

P.S: Guys, thnx for Apache server, loving and using it since 1996 :)
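Added illustration (not part of Jan's message and not httpd project code): what an investigator can do with a log that carries the source port. mod_log_config's `%{remote}p` format item writes the client's port; the `LogFormat` line in the comment, the two access-log lines and the A+P/CGN port-block lease table are all constructed for this example. `candidates_by_ip` shows the ambiguity the message describes (several subscribers on one address at the same instant), and `attribute` resolves it by matching address, port and time against the leases.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Assumed Apache LogFormat (constructed, not from the original message): the
# common log format with the client's source port appended via %{remote}p:
#   LogFormat "%h:%{remote}p %l %u %t \"%r\" %>s %b" port_common
LOG_RE = re.compile(
    r'^(?P<ip>[^:\s]+):(?P<port>\d+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed access-log lines: two different clients behind one shared IPv4 address.
SAMPLE_LOG = """\
203.0.113.10:41234 - - [30/Aug/2011:18:34:49 +0000] "GET /admin HTTP/1.1" 401 512
203.0.113.10:53001 - - [30/Aug/2011:18:35:02 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def _ts(s):
    """Parse the Apache %t timestamp format (day/Mon/year:H:M:S zone)."""
    return datetime.strptime(s, "%d/%b/%Y:%H:%M:%S %z")


@dataclass(frozen=True)
class PortBlock:
    """One port-range lease from a constructed A+P/CGN provisioning log."""
    public_ip: str
    first_port: int
    last_port: int
    lease_start: datetime
    lease_end: datetime
    subscriber: str


# Constructed provisioning records: sub-A and sub-B share 203.0.113.10 at the
# same time; sub-C held sub-A's port block earlier in the day.
ALLOCATIONS = [
    PortBlock("203.0.113.10", 40000, 41999,
              _ts("30/Aug/2011:18:00:00 +0000"), _ts("30/Aug/2011:19:00:00 +0000"), "sub-A"),
    PortBlock("203.0.113.10", 52000, 53999,
              _ts("30/Aug/2011:18:00:00 +0000"), _ts("30/Aug/2011:19:00:00 +0000"), "sub-B"),
    PortBlock("203.0.113.10", 40000, 41999,
              _ts("30/Aug/2011:12:00:00 +0000"), _ts("30/Aug/2011:18:00:00 +0000"), "sub-C"),
]


def parse_log_line(line):
    """Split one access-log line into ip, port, time, request and status."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    d = m.groupdict()
    return {"ip": d["ip"], "port": int(d["port"]), "time": _ts(d["ts"]),
            "request": d["request"], "status": int(d["status"])}


def candidates_by_ip(ip, when, allocations):
    """Subscribers holding *any* port on this address at this time (the IP-only view)."""
    return {b.subscriber for b in allocations
            if b.public_ip == ip and b.lease_start <= when < b.lease_end}


def attribute(ip, port, when, allocations):
    """Subscriber holding exactly this (ip, port) at this time, or None if nobody did."""
    hits = {b.subscriber for b in allocations
            if b.public_ip == ip and b.first_port <= port <= b.last_port
            and b.lease_start <= when < b.lease_end}
    if len(hits) > 1:
        # A provisioning log should never lease one port to two subscribers at once.
        raise ValueError(f"overlapping leases for {ip}:{port}: {sorted(hits)}")
    return hits.pop() if hits else None


def attribute_log(text, allocations):
    """Attribute every line of an access log; returns (time, request, subscriber) tuples."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_log_line(line)
        results.append((e["time"].isoformat(), e["request"],
                        attribute(e["ip"], e["port"], e["time"], allocations)))
    return results


if __name__ == "__main__":
    for when, request, who in attribute_log(SAMPLE_LOG, ALLOCATIONS):
        print(when, request, "->", who or "unattributed")
```

The `%h:%{remote}p` layout assumed here only works for IPv4 clients; an IPv6 `%h` already contains colons, so a deployment that logs both families should separate address and port with a space or another unambiguous delimiter. The lease table also has to come from the operator's own provisioning records, and the two clocks must agree, which is why the match is done on a half-open lease interval rather than on a single instant.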
