[lacnog] Source Port Logging on Web Servers

Fernando Frediani fhfrediani en gmail.com
Sat Mar 23 11:17:33 -03 2019

On Sat, 23 Mar 2019, 08:54 Carlos M. Martinez <carlosm3011 en gmail.com> wrote:

> It's a “what if” that doesn't make much sense to consider. Also,
> if the attacker didn't attack, we wouldn't need to log anything. Or, if
> you knew that the origin doesn't use CGN, you could skip logging the
> source port.

Exactly. Most of the time it is not about a "classic" attacker but a point
of being able to identify someone that for example uploaded non-appropriate
content, where someone else's credentials were used, from what
location someone was connected (for an alibi or to resolve a dispute), etc.
Overall to make sure every single connection can be traced back to its
responsible person if necessary regardless of whether it was behind a CGNAT or not.

> The thing is that, regardless of attackers, I believe it is
> practically mandatory for operators of sites and applications
> to log the source port.

This discussion depends on the country and the local laws that may enforce
it or not. Over here for example it correctly does in my view.

But regardless of whether the law mandates it or not I understand it is part of any
content hosting provider's social responsibility to be able to give these
answers society requires in order to be able to resolve situations that are
mostly in the interest of society.

Given the growing use of CGNAT everywhere I hope the most common web
servers with time change their default log format to incorporate the source
port so it becomes an automatic thing for any new installation.
The cost of it is basically nothing given that means only an extra 5
characters in each line, so pretty worth doing.

> s2
> Carlos
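Added example, not part of the original message: a short Python sketch of why the source port matters for attribution behind CGNAT. The access-log lines, the port-block records and the subscriber names are constructed, and it assumes an IPv4 combined-style log with the client port appended to the address as `ip:port` (nginx's `$remote_port` variable is one way to produce that) and a CGNAT that allocates port blocks per subscriber.

```python
import re
from datetime import datetime

# Constructed access-log lines: combined format with the client port appended
# to the address (e.g. an nginx log_format using $remote_addr:$remote_port).
ACCESS_LOG = """\
203.0.113.7:10544 - - [23/Mar/2019:11:02:10 -0300] "POST /upload HTTP/1.1" 200 512
203.0.113.7:41873 - - [23/Mar/2019:11:02:11 -0300] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [23/Mar/2019:11:02:12 -0300] "POST /upload HTTP/1.1" 200 498
"""

# Constructed CGNAT port-block records, as an ISP might keep them (assumption):
# (subscriber, public IP, first port, last port, lease start, lease end)
CGN_BLOCKS = [
    ("subscriber-A", "203.0.113.7", 10240, 12287, "2019-03-23T10:00:00-03:00", "2019-03-23T12:00:00-03:00"),
    ("subscriber-B", "203.0.113.7", 40960, 43007, "2019-03-23T10:30:00-03:00", "2019-03-23T12:30:00-03:00"),
    ("subscriber-C", "203.0.113.7", 10240, 12287, "2019-03-23T12:00:00-03:00", "2019-03-23T14:00:00-03:00"),
]

LINE = re.compile(r'^(?P<ip>[\d.]+)(?::(?P<port>\d{1,5}))? \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')

def parse(line):
    """Return (ip, port or None, timezone-aware timestamp, request) or None."""
    m = LINE.match(line)
    if not m:
        return None
    port = int(m["port"]) if m["port"] else None
    return m["ip"], port, datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["req"]

def candidates(ip, port, when):
    """Subscribers that could have sent a request from ip[:port] at that time."""
    out = []
    for sub, pub, lo, hi, start, end in CGN_BLOCKS:
        active = datetime.fromisoformat(start) <= when < datetime.fromisoformat(end)
        # Without a logged port, every subscriber sharing the IP stays a candidate.
        if pub == ip and active and (port is None or lo <= port <= hi):
            out.append(sub)
    return out

def attribute(log_text):
    """Map each log line to (request, port, candidate subscribers)."""
    results = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec:
            ip, port, when, req = rec
            results.append((req, port, candidates(ip, port, when)))
    return results

if __name__ == "__main__":
    for req, port, subs in attribute(ACCESS_LOG):
        print(f"{req!r} port={port} -> {subs}")
```

The third line, logged without a port, cannot be narrowed below two subscribers; the timestamp matters as well, because the same port block is handed to subscriber-C once subscriber-A's lease ends.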