[Top] [All Lists]

Re: Logging port numbers

2011-06-09 21:18:49

On Jun 7, 2011, at 1:42 PM, John Levine wrote:

p.s. Though this does beg the question: how useful is it to log port
numbers when there's a very good chance that one or both ends are
behind one or more layers of NATs that don't log state changes?  I
understand and agree with the notion that LSN will dilute the value
of IP addresses as source identifiers.  But as far as I can tell,
they are already of pretty marginal value even without LSN.

I'm sitting in a meeting talking about this very topic (LSN) with
people from organizations that manage a lot of users and a lot of
address space, and the consensus is that there will be enough logging
at the NAT end that it's worth logging the ports.

Whether it's the "right" thing to do or not, it sounds very likely that 
multiple operators will start trying to cram port numbers into Received: 
headers fairly soon.  It'd be helpful if the assembled experts here could give 
them some guidance.  Otherwise, they'll each make their own decisions -- and 
the trace headers will become even more confused.

J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

<Prev in Thread] Current Thread [Next in Thread>