Approaches to Address the Availability of Information in Criminal Investigations Involving Large-Scale IP Address Sharing Technologies

Document type: Expired Internet-Draft (individual)
Author: David O'Reilly
Last updated: 2018-10-14 (latest revision 2018-04-12)
Stream: Internet Engineering Task Force (IETF)
Intended RFC status: Informational
Expired & archived
IETF conflict review: conflict-review-daveor-cgn-logging
WG state: (None)
Document shepherd: Adrian Farrel
Shepherd write-up: last changed 2018-01-15
IESG state: Expired
Consensus boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: (None)
IANA review state: Version Changed - Review Needed

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The use of large-scale IP address sharing technologies (commonly known as "Carrier-Grade NAT" and "A+P") presents a challenge for law enforcement agencies because incoming source port information is not routinely logged by Internet-facing servers. Without this information, it is becoming increasingly difficult for law enforcement agencies to identify suspects in online criminal activity. This document considers the reasons why source port information is not routinely logged by Internet-facing servers and makes recommendations to help improve the situation. It also presents a deployment maturity model and a study of the support for logging incoming source port information in common server software.


David O'Reilly (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)