Skip to main content

Approaches to Address the Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Document Type Expired Internet-Draft (individual)
Expired & archived
Author David O'Reilly
Last updated 2018-10-14 (Latest revision 2018-04-12)
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Informational
IETF conflict review conflict-review-daveor-cgn-logging
Stream WG state (None)
Document shepherd Eliot Lear
Shepherd write-up Show Last changed 2018-01-15
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
IANA IANA review state Version Changed - Review Needed

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


The use of large-scale IP address sharing technologies (commonly known as "Carrier-Grade NAT" and "A+P") presents a challenge for law enforcement agencies due to the fact that incoming source port information is not routinely logged by Internet-facing servers. The absence of this information means that it is becoming increasingly difficult for law enforcement agencies to identify suspects in criminal activity online. This document considers the reasons why source port information is not routinely logged by Internet-facing servers and makes recommendations to help improve the situation. A deployment maturity model has been developed and a study of the support for logging incoming source port information in common server software is also presented.


David O'Reilly

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)