From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id A3AF83B2A4 for ; Wed, 5 Jun 2024 11:11:08 -0400 (EDT) Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-57a3d21299aso77442a12.2 for ; Wed, 05 Jun 2024 08:11:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seiden-com.20230601.gappssmtp.com; s=20230601; t=1717600267; x=1718205067; darn=lists.bufferbloat.net; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:from:to:cc:subject:date:message-id:reply-to; bh=bP0Ao87INy4z0fP9k/SYB2mruF4wh27lQbJfCU8fzRA=; b=KmAGCVoMVjDXUGxByca/1wdQeZcQFuJWKylATDrhruYw68uHnSZiugUK/jZLLt/mzu 4jthKMUja6byY4hK1sBhGWrPb28Bv6SIKnFeaSWfOSltkS2KULGGirXmKl83QjHFRY6h VLVRQWxWKBYRNMbJ/K2Nte9uLw5lCs2a+qCpXpJPxJHyJZtb4l7XkitfYRcHNO8F0Vq7 Qexl+ChOxX6MxzG0dOKpV5AxmD4CboNFXmeAYVrLaVTorqqIkOCTXYJ+5utBPcXZMLaz TX6QWMepHqOKKZ8lo06jUfAoLL4Jh6a8GhD5L5gof2GeVWG7lrN2vVI9+fvenqmA+kxx L+GA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717600267; x=1718205067; h=to:date:message-id:subject:mime-version:content-transfer-encoding :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bP0Ao87INy4z0fP9k/SYB2mruF4wh27lQbJfCU8fzRA=; b=P+5VoNDOd5TTH5AUGHVle+bcU+FYtWK3zBJ8MJJT0Coh++GwaRrkv4DGZ/TqvvfdgW r5OSCqPD9uFqfPGgA8nAevYEUvcFLdndQSwxjdFINiwKtve9Rne3oeBM+L7sKbZimgQQ 8nBK2yJlrrolxc6R8Tt3IjjIT4aUumvlknhxatUOm1znQ2NtqsjziWz2BQcMwocPnx1A lV147PxVUsOWw+985ZWa382AwijG2wqZ3HobL3Dijch5JHliNwkWoUK34tn2WEO9XsYi Yu7dVFcyKE3ZMoR+R1p/mPnnzBJf/e6FIgnyP6x9/tzUoDMgzOumyD0EB3BA6J72lf+T mMiw== X-Gm-Message-State: AOJu0Yw321qcUwI9nlIxGEbB3RXcKauDBBNBBFXA8bCWrUwbTdqmdlsm zbvN00iqGv9odfGlnfvr3e/KralzoCGZ3O7emVFzf88dgbrXBHkTKEdkx1lj/H4mXzWuBzOeTa4 YIPw= X-Google-Smtp-Source: AGHT+IFfNVp+x/KWMlA428MWbJqF9fA8kxyF47YAGNE8Gg0ZMGW8yWcH6CcIQ0NgZQ6yKimIbvBp+g== X-Received: by 2002:a50:c314:0:b0:57a:2ccb:b3f1 with SMTP id 4fb4d7f45d1cf-57a8bcb420dmr1762131a12.26.1717600266808; Wed, 05 Jun 2024 08:11:06 -0700 (PDT) Received: from smtpclient.apple (net-2-36-97-90.cust.vodafonedsl.it. [2.36.97.90]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-57a31c9c0desm9468294a12.85.2024.06.05.08.11.06 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 05 Jun 2024 08:11:06 -0700 (PDT) From: Mark Seiden Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\)) Message-Id: <73440958-79CA-44E1-9BA1-95C65B8E3E50@seiden.com> Date: Wed, 5 Jun 2024 17:10:55 +0200 To: starlink@lists.bufferbloat.net X-Mailer: Apple Mail (2.3774.600.62) Subject: [Starlink] dhcp/network usage logs (unrelated to bufferbloat) X-BeenThere: starlink@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Starlink has bufferbloat. Bad." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jun 2024 15:11:08 -0000 (sorry if this is too far off-topic, but you are the sort of people who = are likely to just know about this, and i can=E2=80=99t get any info out = of spacex, so far.) i am looking into a possible PII breach (but certainly exceeding = authorized access) coming from a couple=20 starlink ip addresses. the addresses are shown as being in either = starlink (denver) or starlink (dallas). we actually believe these are coming from a place in kansas that might = talk via either adjacent state, but i deeply do not understand how the data flows between the, uh, dish, and customer = equipment, and ground stations. (the last ground=20 station list i can find by web search is 3 years old.) at the moment we believe this is usage coming from my client=E2=80=99s = own starlink equipment, i.e. this is an attack from the inside. so we asked starlink support for any sort of usage logs for the = customer=E2=80=99s own device (particularly ip address assignments)=20 for specific dates, and they so far refuse to provide such information = other than, they say, to law enforcement, who is not yet involved in the case. it=E2=80=99s unusual, in my experience, for an ISP to refuse to provide = a customer=E2=80=99s own historical usage data to that same customer. has anyone had a similar experience of asking for their own ip address = assignments and usage data and being turned down? has anyone actually gotten dhcp address assignment logs from spacex and, = if so can you send me a few sample lines so i can look at what they could provide? does anyone know what other data starlink actually logs? (presumably = location, at least). does anyone know what the retention period is? (we are looking for 6 = months of 2024 data). (btw, my understand is that starlink uses cg-nat, and the logs we have = of the abused service do not include port numbers,=20 just ip addresses, sigh.) thanks for any helpful info or pointers to Them That Might Know. =E2=80=94 mark seiden