Comments on RevK®'s ramblings: Internet Connection Records, a small taste of the problems with #IPBill
Blog author: RevK. Comment feed last updated 2024-03-28T09:19:27+00:00. 17 comments, newest first.

Simon Farnsworth, 2016-04-04 13:21 +01:00
Out of interest, what does Tor Project traffic look like to an IP Bill compliant logging system? I would expect it to be a huge number of small flows, as you see the Tor client access Tor relays, and relay to relay traffic, which breaks any reasonable logging system.

Simon Farnsworth, 2016-04-04 13:17 +01:00
Note, though, that ISP workers are at risk of the $5 wrench backdoor if the ISP does the logging, too - if they'd have access to the private key in Terry F.'s proposal, they'd have access to the data store in the current proposal.

Anonymous, 2016-04-01 21:43 +01:00
This would also have the added objective of creating the single biggest honeypot in human history, and a lot of ISP workers being threatened with the greatest backdoor ever - the $5 wrench, in order to reveal the private key.

RevK, 2016-03-28 10:41 +01:00
It looks like not - responses at a much lower level because of rate limiting.

Terry F., 2016-03-28 09:25 +01:00
I always felt that the best way to solve this problem was for the Government to run the storage side of things (economies of scale, etc), establish a private interconnect with the ISP and for the ISP to encrypt/sign/relay customer traffic to that service.

The ISP would maintain a cryptographic keypair where the government was handed the public key and the ISP would not disclose the private key under any circumstances.

This keypair would be used to sign each encrypted payload for the purposes of ensuring evidence has not been tampered with.

In addition, the ISP would also generate a cryptographic keypair on a per-customer basis with public keys retained by the ISP and private keys stored offline on a secure system - these keys are rotated monthly by the ISP - these keys are used to encrypt customer traffic prior to signing with the ISP's key and before transmission to Government storage - older keys are only kept for as long as they are able to decrypt data required by the legal retention period (12 months or whatever).

Once the retention period has passed, the Government will no longer be able to read the data as the ISP will have deleted the private key required to decrypt the data.

A warrant, properly signed, would merely require the ISP to disclose the private keys to law enforcement for that specific customer and covering the specific date range mentioned in the warrant; of course, with the Government being in possession of the private keys, it would be possible for them to 'fake' traffic if they wanted to 'fit up' a particular individual - hence why each genuine encrypted payload would be signed by the ISP's private key.

Law enforcement would then have to obtain the encrypted data from the Government storage service or perhaps supply the keys directly to that service and they automatically return all data they have which was signed with the designated ISP key and decrypted with the supplied keys.

I believe that this method would have easily met the Government's *published* requirements of being able to examine a user's historic data trail, they would have had to shoulder all of the expense of storing the data and the ISP still gets the final say as to who can see their customers' traffic or not - in other words, it allows collection of all the data but not necessarily the ability to view any of it without the appropriate legal process being followed.

Of course, this is not what they have done so some of us have other plans to combat this stupid bill if/when it passes.

Anonymouse, 2016-03-28 06:09 +01:00
If they were sending 1GB/day of DHCPv6 requests, weren't you sending a similar amount of DHCPv6 responses?

RevK, 2016-03-27 15:56 +01:00
The point is that these systems are not designed to log this stuff. The Internet is growing and the logging is normally for diagnostics or statistics, not for law enforcement. Routers often use custom hardware and ASICs to shift packets to their destination quickly.

Will Dean, 2016-03-27 15:32 +01:00
"Logging system not designed to log large number of connections fails to log large number of connections. Government policy proven impossible to implement."

Really?

Steven Wilmot, 2016-03-27 15:25 +01:00
If I were to send a single one-byte UDP data-packet (plus IP-header) I presume that you would need to log date-time, source IP+port, destination IP+port, protocol, and a lot more useless information.

Because of course, that "might" be an Internet-connection, and I "might" have decided that any one of the "header-fields" was the important data (not to be confused with the "content" that they apparently don't want to log).

What a lot of trouble for sending somebody the number '1'.

...

Now if I were to send you a multi-gigabyte file this way (i.e. not necessarily via TCP, so not necessarily able to be defined as a "connection") (perhaps one a day for 12 months) .. Good luck in logging it all :-)

Ferrocene Cloud, 2016-03-27 00:26 +00:00
Seems to me like a good way of DoSing a network if it's badly configured. Obviously it would be sensible to ensure any logging hardware crashing is not going to take your network down (i.e. you'd have to port mirror off the core switches to dedicated logging devices), but the actual capacity needed for a larger network would be staggering no doubt.

What about storage space? With that much data you'd have to look at LTOs really. Are those going to have to be vaulted for 12 months? You'd be sending truckloads of them each day. What about all the auditing and tracking? What happens when tapes get lost?

Bittorrent would drive the system absolutely crazy.

This also raises the question about what happens if an ISP cannot log the traffic due to lack of storage/capacity or someone deliberately attacking it? Do they have to shut their entire service off until the matter is under control? Are they held liable and treated as criminals if a single session gets through the log?

One hopes our beloved politicians will finally see the light. I did rather bluntly state in my submission that they're the product of someone without the slightest clue, and that personally I don't fear my activities being logged since they won't see anything I don't want them to see. I suppose if there's one good thing that comes of all this, I get to go on record nationally telling a politician they're an idiot...

Xing Yang, 2016-03-26 22:31 +00:00
If the IP bill is finally passed, this can be a way to DDoS ISPs' data logs.

Owen Smith, 2016-03-26 21:38 +00:00
All of these cheap domestic routers have their problems. The TG582n was very unreliable; I had a mains power switch on mine to power cycle it daily at 06:20. But at least the IPv6 worked well. The Zyxel is much more reliable and has a better webui (unless you want to use it on a tablet or smartphone), but the IPv6 stops working a few hours to a day after the router is powered on. One day there might be a cheap domestic router that works reliably, but equally pigs might fly.

rtho782, 2016-03-26 21:37 +00:00
My bad, I always thought upload was metered on the units tariffs!

RevK, 2016-03-26 17:47 +00:00
If we metered upload we might have done that.

rtho782, 2016-03-26 17:45 +00:00
So, do those customers on a usage based plan get 1GB of credit to their account for this, as it was outside their control? ;)

RevK, 2016-03-26 17:24 +00:00
We currently do a ZyXEL model, but that will change some time I am sure. Times change, and these days we need something that does ADSL and VDSL... Yes, the Technicolors were pretty good.

James Le Cuirot, 2016-03-26 17:22 +00:00
I first signed up with you 2½ years ago and was given a Technicolor TG582n. Do you not give these out any more? Any particular reason? It seems mine was indeed affected as it has a connection uptime from around 6am on Thursday. Apart from this, it works fine, just curious!