monitoring

Hello everyone.

So I was recently contacted by the RCMP which is similar to getting called by the FBI. One of my customers has been doing things that they shouldn't be doing on the internet. They told me the external IP of the person and want me to sign a warrant of arrest for them but the problem is our external IPs are DHCP and the IP they gave me has now changed. I don't wanna send the wrong person to jail. I'm not sure if any of you have encountered this before. Is there a way to either log their external IPs or give the ePMP units static external IP addresses? Any tips you guys have on better monitoring and logging of data without breaching privacy rights will be appreciated. The RCMP can't do anything now until the person does it again. And this time around I want to have a better system in place to help them.

No log from the DHCP server?  That would let you correlate a DHCP IP with the MAC to which it was assigned at a particular time.

When I receive requests such as this I look up the IP address and time/date in question in the DHCP servers' logs to identify what MAC address I'm looking for, then I look to see where that MAC is 'right now' and identify the customer.  (we're bridged, so customer equipment typically receives DHCP, radios live at management IPs)  If the public DHCP pool is consumed they'll have a private IP via DHCP and be NATted at the gateway, in which case I cannot backtrack to a customer.

For thoroughness' sake, when I submit responses to these types of requests I try to explain in layman's terms that the addresses are handed out dynamically and subject to change, that the IP they are asking about was handed out to a device with XX:XX:XX:XX:XX:XX MAC address at a specific date/time prior to their time of concern, specify whether it was handed out to something else before/after, and that the MAC address is currently (at time of response) connected over X customer's service.  I never tell them "that was Mr X", since strictly speaking I have no certainty of that.

In cases I've encountered (here in NC, USA) they have NEVER involved us in the warrant end of things, though we're expected to be available to attest to the procedures used to identify the customer and the accuracy thereof.

j
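The DHCP-log correlation described in the post above, as an added example (not code from the poster): given ISC dhcpd-style DHCPACK syslog lines (constructed here, with ISO timestamps) and an assumed fixed lease time, it works out which MAC held a public IP at the instant named in a request, and also reports who held it before and after, which is the detail the response above says to include.

```python
"""Correlate a public DHCP address + timestamp with the MAC that held it.
Assumes ISC dhcpd-style DHCPACK syslog lines with ISO timestamps and a fixed
lease time (both assumptions); the sample log is constructed."""
import re
from datetime import datetime, timedelta

LEASE_TIME = timedelta(hours=12)  # assumed lease duration
# Constructed sample log: 203.0.113.45 changes hands between two customers.
SAMPLE_LOG = """\
2024-03-01T08:00:00 dhcpd: DHCPACK on 203.0.113.45 to aa:bb:cc:dd:ee:01 via eth0
2024-03-01T09:30:00 dhcpd: DHCPACK on 203.0.113.46 to aa:bb:cc:dd:ee:02 via eth0
2024-03-02T02:15:00 dhcpd: DHCPACK on 203.0.113.45 to aa:bb:cc:dd:ee:03 via eth0
2024-03-02T10:00:00 dhcpd: DHCPACK on 203.0.113.45 to aa:bb:cc:dd:ee:03 via eth0
"""

ACK_RE = re.compile(r"^(\S+) dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})")

def parse_acks(log):
    """Return [(timestamp, ip, mac)] for every DHCPACK line."""
    acks = []
    for line in log.splitlines():
        m = ACK_RE.match(line)
        if m:
            acks.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return acks

def lease_holders(acks, ip):
    """Timeline of (start, end, mac) for one IP. A lease ends at its expiry or
    when a different MAC is ACKed the same IP; renewals by the same MAC extend it."""
    timeline = []
    for ts, _, mac in sorted(a for a in acks if a[1] == ip):
        if timeline and timeline[-1][2] == mac and ts <= timeline[-1][1]:
            timeline[-1] = (timeline[-1][0], ts + LEASE_TIME, mac)  # renewal
            continue
        if timeline and timeline[-1][1] > ts:
            timeline[-1] = (timeline[-1][0], ts, timeline[-1][2])  # cut short
        timeline.append((ts, ts + LEASE_TIME, mac))
    return timeline

def who_had(acks, ip, when):
    """Return (mac, previous_mac, next_mac) for `ip` at instant `when` (datetime
    or ISO string); mac is None when no lease covered it (expired, or NATted)."""
    when = datetime.fromisoformat(when) if isinstance(when, str) else when
    tl = lease_holders(acks, ip)
    for i, (start, end, mac) in enumerate(tl):
        if start <= when < end:
            return (mac, tl[i - 1][2] if i else None,
                    tl[i + 1][2] if i + 1 < len(tl) else None)
    return None, None, None
```

A `None` result for the requested instant is the "cannot backtrack" case from the post: the answer to the agency is then that no customer can be tied to that address at that time.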

Consider a CG-NAT type setup where you tie port ranges to the NAT inside address

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444

In the US ISPs are required to be CALEA compliant, do you not have a similar set of rules up north?

Not that I'm aware of. But I would like to be compliant. If anyone has a list of hardware I would need to be compliant that would be great.