<div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr">On Sat, 23 Mar 2019, 08:54 Carlos M. Martinez &lt;<a href="mailto:carlosm3011@gmail.com">carlosm3011@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
It is a “what if” that does not make much sense to consider. Likewise, <br>
if the attacker did not attack, we would not need to log anything. Or likewise, if <br>
you knew that the source does not use CGN, you could skip logging the source <br>
port.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div></div><div dir="auto">Exactly. Most of the time it is not about a "classic" attacker but a point of being able to identify someone that for example uploaded inappropriate content, where someone else's credentials were used, from what location someone was connected (for an alibi or to resolve a dispute), etc. Overall to make sure every single connection can be traced back to its responsible person if necessary regardless if used behind a CGNAT or not.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
The point is that, regardless of attackers, I believe it is <br>
practically mandatory for operators of sites and applications <br>
to log the source port.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">This discussion depends on the country and the local laws that may enforce it or not. Over here for example it correctly does in my view.</div><div dir="auto"><br></div><div dir="auto">But regardless if the law mandates or not I understand it is part of any content hosting provider's social responsibility to be able to give these answers society requires in order to be able to resolve situations that are mostly in the interest of society.</div><div dir="auto"><br></div><div dir="auto">Given the growing use of CGNAT everywhere I hope the most common web servers with time change their default log format to incorporate the source port so it becomes an automatic thing for any new installation.</div><div dir="auto">The cost of it is basically nothing given that means only an extra 5 characters in each line, so pretty worth doing.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
Regards<br>
<br>
Carlos<br>
_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank" rel="noreferrer">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Unsubscribe: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
</blockquote></div></div></div>
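<div dir="auto">Why the logged source port matters behind CGNAT, as an added example that is not part of the original message: it matches web-server log lines against an ISP's port-block allocation records. The log layout (<code>ip:port</code> prefix), the allocation records and all addresses and subscriber names are constructed assumptions.</div>

```python
import re
from datetime import datetime

# Constructed web-server lines: combined-style format with the source port
# appended to the client address (hypothetical "ip:port" layout).
ACCESS_LOG = [
    '198.51.100.7:40112 - - [23/Mar/2019:08:54:10 +0000] "POST /upload HTTP/1.1" 200 512',
    '198.51.100.7:51877 - - [23/Mar/2019:08:54:12 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

# Constructed CGNAT port-block allocations as an ISP might keep them:
# (public IP, first port, last port, lease start, lease end, subscriber id).
NAT_BLOCKS = [
    ("198.51.100.7", 40000, 40999, "2019-03-23T08:00:00+00:00", "2019-03-23T09:00:00+00:00", "subscriber-A"),
    ("198.51.100.7", 51000, 51999, "2019-03-23T08:30:00+00:00", "2019-03-23T09:30:00+00:00", "subscriber-B"),
    ("198.51.100.7", 40000, 40999, "2019-03-23T09:00:00+00:00", "2019-03-23T10:00:00+00:00", "subscriber-C"),
]

LINE_RE = re.compile(r'^(?P<ip>[\d.]+):(?P<port>\d+) \S+ \S+ \[(?P<ts>[^\]]+)\]')

def parse_line(line):
    """Return (ip, port, timezone-aware timestamp) from one access-log line."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("unrecognised log line: %r" % line)
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], int(m["port"]), ts

def candidates(ip, ts, port=None):
    """Subscribers whose allocation covers ip at ts; port narrows it if known."""
    found = set()
    for pub_ip, lo, hi, start, end, sub in NAT_BLOCKS:
        in_time = datetime.fromisoformat(start) <= ts < datetime.fromisoformat(end)
        in_port = port is None or lo <= port <= hi
        if pub_ip == ip and in_time and in_port:
            found.add(sub)
    return sorted(found)

if __name__ == "__main__":
    for line in ACCESS_LOG:
        ip, port, ts = parse_line(line)
        print(ip, port, ts.isoformat(), "with port:", candidates(ip, ts, port),
              "without port:", candidates(ip, ts))
```

<div dir="auto">With only the address and timestamp, both requests map to two subscribers; the port plus an accurate timestamp reduces each to one.</div>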