[lacnog] Registro de puertos de origen en servidores web / Source Port Logging on Web Servers
fhfrediani en gmail.com
Sab Mar 23 20:28:36 -03 2019
Both of course.
This tutorial is intended only to web server (there are other
applications that apply as well as email servers for example).
For CGNAT in the Access Provider it depends very much the way it is
configured. It may be a deterministic CGNAT and by range of ports, Bulk
Port Allocation, 464XLAT, etc, and they all generate different kind of
logs formats that allow people to link information form both sides to
identify whoever necessary based on the source port.
That's actually something important to highlight: I have seen cases in
court that non-technical people had endless discussions about if both
sides must log source port or only one of them. It is of course easier
for us that are technical to know that without both sides logging it is
simply impossible to make this identification, so passing it trough is
indeed a good practice I believe.
On 23/03/2019 19:39, Fernando Gont wrote:
> On 23/3/19 13:17, Carlos M. Martinez wrote:
>> On 23 Mar 2019, at 17:14, Fernando Frediani wrote:
>>> I mean social responsability in the sense of if a crime has been
>>> commited (even if it doesn't affect you) but if you have information
>>> that can help to solve that situation you are contributing to
>>> something that is in the interest of all.
>>> That's probably the main reaon some laws enforce, not forgetting the
>>> concerns of people's privancy.
>> This is key. We share common responsibilities that arise from operating
>> a huge, highly distributed system which largely depends on the goodwill
>> of those working on it.
> Maybe that's the key of the problem? :-) If the security of the system
> depends on the goodwill of all the involved parties, we have a problem.
> -- Yes, it currently does. And yes, it's kind of a miracle that it's
> "usable". :-)
>> Please log source ports. Por favor, logueen los puertos de origen.
> So... the plea is to log source ports at... web servers? CGNATs? Both?
Más información sobre la lista de distribución LACNOG