Thread: pf.conf help?
Posted 23rd January 2018 by jggimi

Quote:
Originally Posted by Prevet
So they need the logs to do it.

Consider what a log is, and how one is created.

All the local networks I manage happen to log information about every packet that flows through every interface. It's easy to set up tools to do that, with no appreciable overhead on the collecting systems.[1]

I'm certain my upstream ISPs all log all this traffic as well, using the same technology.[1]

Like me, they probably don't store the data payloads. Like me, they store only metadata about the packets, such as IP addresses. Protocols. Packet lengths. Timestamps. Connecting interfaces. Connecting systems.

Why? It's common to do this because it helps with performance management, helps with problem determination, and helps with capacity planning. It's simply part of managing a network and server infrastructure. It's normal. It's standard. It's best practice.

The service provider may or may not have logs. But their upstream ISPs almost certainly do, as otherwise they wouldn't be able to manage their network services very well. Even if they aren't currently logging data, a regulator or law enforcement agency may very well be able to compel the ISP to begin that collection.

Quote:
Originally Posted by Prevet
Do you think the Guardian is an unreliable source?

https://www.theguardian.com/world/20...line-anonymity

I believe that changes to the browser bundle were instituted post-Snowden-revelations to help protect against these published exploits. I'm also certain that state actors have improved their abilities to obtain information since then. This is a never-ending arms race. The only certainty is that we don't know what we don't know.
---

[1] NetFlow statistics. On OpenBSD, this is easy to collect and record centrally from all my routers and servers. See the pflow(4) man page. I use the net/nfsen package to provide graphical analysis as well as drive detailed reporting through net/nfdump. Here are some NfSen screenshots.