The use of large-scale IP address sharing technologies (such as "Carrier-Grade NAT" and "A+P") present a challenge for law enforcement agencies due to the fact that the information required to attribute criminal activity based on IP address is not commonly recorded. Specifically, incoming source port information is not routinely logged by Internet-facing servers. The absence of this information means that it is becoming increasingly difficult for law enforcement agencies to identify suspects in criminal activity online. FTR Solutions has been working for some time to address this challenge.
This page provides references to the various publications and other resources that have been produced as part of that initiative.
Articles
- The Carrier-Grade NAT Information Gap
- A brief introduction to the crime attribution challenge that is introduced by Carrier-Grade NAT.
- Carrier-Grade NAT Source Port Re-Identification - Part 1
- Carrier-Grade NAT Source Port Re-Identification - Part 2
- Analysis of the re-identitification risk of logging source port at Internet-facing servers.
Publications
- Approaches to Address the Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies
- This document considers the reasons why source port information is not routinely logged by Internet-facing servers and proposes some immediate-term actions that could be taken to help improve the situation. The document also contains a maturity model that has been developed to study the support for logging incoming soruce port information in common server software.
- Published in the independent submission stream in August 2017.
- Moved to the IETF stream in April 2018.
- Availibility of Required Data to Support Criminal Investigations Involving Large-Scale IP Address-Sharing Technologies
- Published in IEEE Security and Privacy (Volume 15, Issue: 5, 2017, Pages 90-93) in October 2017
Presentations
- Carrier-Grade NAT and Source Port Logging
- Presentation to Europol workshop on Carrier-Grade NAT (CGN) and Identification of Cyber-Attackers, 13th October 2017
- Best Practice for Logging at Internet-facing Servers
- Presentation to Internet Area Working Group at IETF-101, 19th March 2018
- The Carrier-Grade NAT Information Gap and Source Port Logging
- Presentation to OPSEC Working Group at IETF-102, 20th July 2018