On Fri, 06 Jan 2012 09:11:30 +0530, Suresh Ramasubramanian said:
I would love to ask the EFF just what you do when you don't log stuff, and then need to troubleshoot someone causing a DDoS or something from your network in a hurry.
What John actually said:
OSPs cannot be forced to provide data that does not exist. EFF suggests that OSPs draft an internal policy that states that they collect only limited information and do not retain any logs of user activity on their networks for more than a few weeks.
You need to track down a miscreant user *right now*? You got the last 48 hours of logs right at hand. It's been a week? Meh, if somebody's been getting hit by a DDoS for a week and is just now calling you, the fact they have a DDoS is the least of their problems. Toss the logs. :)
Not that I'd get any sort of a useful answer from them, beyond random propaganda that spam filtering is evil, DPI is demoniacal etc etc.
Might want to go and actually read https://www.eff.org/wp/osp before you say that. The PDF version runs to about 15 pages of detailed and useful info for an OSP.;