<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 27/08/2014 8:13 PM, Ben Grubb wrote:<br>
</div>
<blockquote cite="mid:1409134420279.a712a83@Nodemailer" type="cite">
<span id="mailbox-conversation">They also want "information
necessary to identify the type of communication", including "the
type of service used"
<div><br>
</div>
<div>That sounds like port information to me.</div>
</span>
<div class="mailbox_signature">Regards,<br>
Ben Grubb</div>
</blockquote>
<br>
Ben - perhaps it is in their minds currently, but education is key.
It's one of many things that need to be clarified with the
department.<br>
<br>
Keep in mind this is a first draft at a discussion paper about what
they want to ask for, not what they will ultimately require to
receive. They are asking for feedback, and *should* modify
subsequent papers taking into account feedback. <br>
Some of these ambit wishlist items may be infeasible to provide -
and they need to hear that from multiple sources, in calm measured
tones, backed up by technical details and facts.<br>
<br>
A legitimate response from members of the industry (including almost
everyone on this list) might be 'I understand you want to ask for
(x), however it is infeasible/unnecessary/contradictory/etc for
some/most/all ISPs to capture, store and ultimately provide (x) to
you. Here is why. (insert pages of technical detail)...' and request
that (x) be removed from the list of things they could ask for -
delete whichever does not apply.<br>
<br>
Type of Communication/Type of Service they refer to *might* come
from logging UDP/TCP/every-other-Layer4-proto port data. However IMO
this is content data, extracted from deep within the Ethernet (maybe
PPPoE segment) packet being transmitted between your customer's link
and a different link. Content data (from inside the packet stream)
is not metadata, and can't be provided without a warrant.<br>
How many ISPs capture and log port information (or the equivalent)
from every Layer 3 protocol in
<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers">https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers</a> that your
customer might push across your links? Would you even notice if your
customers started pushing significant quantities of SCPS (IP Proto
105) over their IP link, let alone look into it for port
information?<br>
<br>
For mine, the answer to those particular points might be:<br>
<br>
"The best we could provide you with is:<br>
Type of Communication: Internet packet stream (as compared to
'private WAN packet stream')<br>
Type of Service: Internet access service. Possibly adding
"Originated from an ADSL service" (as compared to a dial-up, NBN,
or other form of link by which the packets arrived into the
network).<br>
"<br>
Because these are things you might know, independently of the packet
contents or flow data.<br>
<br>
Treat this as an exercise in education, and educate them. This is
version 1.0 - not something you have to bend over for (yet). If the
method to implement logging and retaining (x) involves 'I'll have to
install DPI' then you might perhaps legitimately respond in your
submissions to this discussion paper "I'm sorry, I regret we will
not be able to provide that. If you are looking for me to
distinguish VoIP from Telnet from web sessions, with an interception
warrant I can send you the packets and you can determine
application-level aspects such as type of communication or type of
service for yourself".<br>
<br>
Regards,<br>
Paul.<br>
<br>
<br>
<blockquote cite="mid:1409134420279.a712a83@Nodemailer" type="cite">
<br>
<br>
<div class="gmail_quote">
<p>On Wed, Aug 27, 2014 at 6:50 PM, Lindsay Hill <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:lindsay.k.hill@gmail.com" target="_blank">lindsay.k.hill@gmail.com</a>&gt;</span>
wrote:<br>
</p>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div dir="ltr">"<span
style="font-family:arial,sans-serif;font-size:13px">If one
is required to keep</span><span
style="font-family:arial,sans-serif;font-size:13px"> NAT
presumably they need to store source and destination IP
addresses. The paper contradicts itself on that point no?"</span>
<div>
<span style="font-family:arial,sans-serif;font-size:13px"><br>
</span>
</div>
<div><font face="arial, sans-serif">No - you can just keep
source (internal) IP, and the public IP/port it was
translated to, at a specific time. There's a couple
of different ways of configuring this logging on current
CGN platforms.</font></div>
</div>
<div class="gmail_extra">
<br>
<br>
<div class="gmail_quote">On Wed, Aug 27, 2014 at 8:32 PM,
Ben Grubb <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:bgrubb@fairfaxmedia.com.au">bgrubb@fairfaxmedia.com.au</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<span>If one is required to keep<span> NAT presumably
they need to store source and destination IP
addresses. The paper contradicts itself on that
point no?</span>
<div><span><br>
</span></div>
</span>
<div>Regards,<br>
Ben Grubb</div>
<br>
<br>
<div class="gmail_quote">
<p>On Wed, Aug 27, 2014 at 3:44 PM, Beeson, Ayden <span
dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:ABeeson@csu.edu.au">ABeeson@csu.edu.au</a>&gt;</span>
wrote:<br>
</p>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<p>LOL wow.
<br>
<br>
"Nothing in this data set applies to or requires
the retention of destination web address
identifiers, such as destination IP addresses or
URLs."
<br>
<br>
We just require everything else, no big deal. :P
<br>
<br>
For those interested, <a moz-do-not-send="true"
href="http://images.smh.com.au/file/2014/08/27/5711351/Data_retention_consultation_1.pdf">http://images.smh.com.au/file/2014/08/27/5711351/Data_retention_consultation_1.pdf</a>
<br>
<br>
Page 4 is where the "good stuff" starts.
<br>
<br>
Thanks,
<br>
Ayden Beeson
<br>
<br>
-----Original Message-----
<br>
From: AusNOG [mailto:<a moz-do-not-send="true"
href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>]
On Behalf Of James Andrewartha
<br>
Sent: Wednesday, 27 August 2014 3:35 PM
<br>
To: <a moz-do-not-send="true"
href="mailto:ausnog@lists.ausnog.net">ausnog@lists.ausnog.net</a>
<br>
Subject: [AusNOG] Data retention definitions
<br>
<br>
So the consultation paper has leaked [1], and it
says data retention will apply to "all entities
that provide communications services available in
Australia" and while it won't require destination
IP addresses or URLs, it will require NAT records
to be kept.
<br>
<br>
Just which entities provide communication services
isn't defined, but at a guess it could include
hosting providers and universities.
<br>
<br>
[1] <a moz-do-not-send="true"
href="http://images.smh.com.au/file/2014/08/27/5710838/Data_retention_consultation.pdf">http://images.smh.com.au/file/2014/08/27/5710838/Data_retention_consultation.pdf</a>
<br>
<a moz-do-not-send="true"
href="http://www.smh.com.au/digital-life/digital-life-news/secret-data-retention-discussion-paper-leaked-20140827-108yyh.html">http://www.smh.com.au/digital-life/digital-life-news/secret-data-retention-discussion-paper-leaked-20140827-108yyh.html</a>
<br>
<br>
--
<br>
# TRS-80 trs80(a)<a moz-do-not-send="true"
href="http://ucc.gu.uwa.edu.au">ucc.gu.uwa.edu.au</a>
#/ "Otherwise Bub here will do \
<br>
# UCC Wheel Member <a moz-do-not-send="true"
href="http://trs80.ucc.asn.au/">http://trs80.ucc.asn.au/</a>
#| what squirrels do best |
<br>
[ "There's nobody getting rich writing ]| --
Collect and hide your |
<br>
[ software that I know of" -- Bill Gates, 1980 ]\
nuts." -- Acid Reflux #231 /
_______________________________________________
<br>
AusNOG mailing list
<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
<br>
<br>
</p>
</blockquote>
</div>
<br>
<br>
<span
style="color:rgb(34,34,34);font-family:arial,sans-serif;background-color:rgb(255,255,255)"><font
size="1">The information contained in this e-mail
message and any accompanying files is or may be
confidential. If you are not the intended recipient,
any use, dissemination, reliance, forwarding,
printing or copying of this e-mail or any attached
files is unauthorised. This e-mail is subject to
copyright. No part of it should be reproduced,
adapted or communicated without the written consent
of the copyright owner. If you have received this
e-mail in error please advise the sender immediately
by return e-mail or telephone and delete all copies.
Fairfax Media does not guarantee the accuracy or
completeness of any information contained in this
e-mail or attached files. Internet communications
are not secure, therefore Fairfax Media does not
accept legal responsibility for the contents of this
message or attached files.</font></span><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
<br>
</blockquote>
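Added example, not part of the original thread or any poster's code: the source-only NAT logging Lindsay Hill describes above, modelled as port-block records (one of several CGN logging styles; the CSV layout, field names and addresses are constructed assumptions). It shows that a public IP, port and timestamp resolve to one internal address with no destination data stored, and that the port is what removes the ambiguity.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import IPv4Address, ip_address
from typing import List, Optional

# Constructed sample log (not from any real platform). Hypothetical CSV layout:
# start,end,internal_ip,public_ip,port_lo-port_hi   (empty end = still allocated)
SAMPLE_LOG = """\
2014-08-27T08:00:00+00:00,2014-08-27T09:30:00+00:00,100.64.0.10,203.0.113.5,1024-2047
2014-08-27T08:05:00+00:00,,100.64.0.11,203.0.113.5,2048-3071
2014-08-27T09:30:00+00:00,,100.64.0.12,203.0.113.5,1024-2047
"""

@dataclass(frozen=True)
class NatBlock:
    start: datetime
    end: Optional[datetime]
    internal_ip: IPv4Address
    public_ip: IPv4Address
    port_lo: int
    port_hi: int

def parse_record(line: str) -> NatBlock:
    """Parse one record; note there is no destination field to parse."""
    start, end, internal, public, ports = line.strip().split(",")
    lo, hi = (int(p) for p in ports.split("-"))
    if not 0 < lo <= hi <= 65535:
        raise ValueError(f"bad port range: {ports}")
    return NatBlock(datetime.fromisoformat(start),
                    datetime.fromisoformat(end) if end else None,
                    ip_address(internal), ip_address(public), lo, hi)

def resolve(blocks: List[NatBlock], public_ip: str, when: datetime,
            port: Optional[int] = None) -> List[str]:
    """Internal addresses that held public_ip (and port, if known) at `when`."""
    pub = ip_address(public_ip)
    hits = set()
    for b in blocks:
        if b.public_ip != pub:
            continue
        # Half-open interval [start, end): a reallocated block never matches twice.
        if when < b.start or (b.end is not None and when >= b.end):
            continue
        if port is not None and not b.port_lo <= port <= b.port_hi:
            continue
        hits.add(str(b.internal_ip))
    return sorted(hits)

BLOCKS = [parse_record(l) for l in SAMPLE_LOG.splitlines()]
```

A request that supplies only the public IP and time returns every subscriber sharing that address, which is why the requester's own records need the source port and an accurate timestamp.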
<br>
</body>
</html>