IP / MAC search

Hi,

In India, the cybercrime sends requests in the following format:

IP address
Time stamp
Port

The ISP has to provide the details of the user who was using the particular IP during specified timestamp.

Is such a search possible in ZIMA cloud?

The ISP is supposed to keep logs searchable in the system for up to a year and keep a backup of the older logs.

In your earlier version, it was possible through radacct.

Your cloud version earlier didn’t have this feature. Is it available now?

Regards,

Raunak

Hi Raunak,

I understand that RADACCT is a part of FreeRADIUS.

Zima desktop was built around it; currently Zima cloud is offering only PPPoE authentication via API.

Hopefully it can be treated and worked upon as feature request.

Just a thought: cybercrime in India will give you WAN IP, port and time stamp.
How will you find the user in a NAT environment, especially under a common public IP, just the way most of us Indian ISPs use it?

Due to regulatory requirements (which vary depending on country policies), it is usually required to keep the subscriber CDR or usage data for a certain duration.
In the case of public IPs it is straightforward to record the standard RADIUS details, e.g. username, IP address, MAC address, session start, session stop, NAS client IP, etc., in the database.
The case of NAT is a bit different. For large ISPs a CGNAT solution is preferred, but it's not only very costly but also has O&M overheads to manage large disk space requirements and tightly coupled timing with the BRAS/BNS/RAS and the RADIUS server database.

For smaller ISPs the same can be achieved using the logging feature of the Mikrotik firewall. For a large number of users, static NAT should be used with different log prefixes to identify the PVT-PUB IP mapping correctly. The output can be sent to a remote server and parsed into a database. The connection tracking or NAT logs need frequent data writes to the HDD. The correlation between user and connection tracking logs can be accomplished using the Mikrotik APIs. DMAsoft lab Radius manager has a similar feature available.

From the inquiring party you would need SRC-IP, SRC-PORT, DST-IP and DST-Port and time-stamp to correctly identify the NATed users.

Thanks
Faisal.
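The correlation described in the post above, as an added example (not part of the original thread and not Zima, Mikrotik or DMAsoft code): a NAT log entry maps the public tuple back to a private IP, and the RADIUS accounting session active at that moment gives the subscriber. The log line layout, the `NAT-POOL1` prefix, the 60-second matching window and all sample records are constructed assumptions; adjust the regex to what your router actually emits.

```python
import re
from datetime import datetime, timedelta

# Constructed NAT log lines (assumed layout: time, log prefix, private->public, destination).
NAT_LOG = """\
2024-03-01T10:15:02 NAT-POOL1 10.20.0.15:51514->203.0.113.7:40001 dst 198.51.100.9:443
2024-03-01T10:15:03 NAT-POOL1 10.20.0.99:51514->203.0.113.7:40002 dst 198.51.100.9:443
2024-03-01T18:40:10 NAT-POOL1 10.20.0.15:40222->203.0.113.7:40001 dst 192.0.2.50:80
"""

# Constructed RADIUS accounting rows: username, private IP, MAC, start, stop (None = online).
SESSIONS = [
    ("alice", "10.20.0.15", "AA:BB:CC:00:00:01", "2024-03-01T08:00:00", "2024-03-01T12:00:00"),
    ("bob", "10.20.0.99", "AA:BB:CC:00:00:02", "2024-03-01T09:00:00", None),
    ("carol", "10.20.0.15", "AA:BB:CC:00:00:03", "2024-03-01T17:00:00", None),
]

LINE = re.compile(
    r"^(\S+) (\S+) ([\d.]+):(\d+)->([\d.]+):(\d+) dst ([\d.]+):(\d+)$", re.M)

def parse_nat(text):
    """Yield (time, private_ip, public_ip, public_port, dst_ip, dst_port) per log line."""
    for m in LINE.finditer(text):
        ts, _prefix, pvt, _pvt_port, pub, pub_port, dst, dst_port = m.groups()
        yield datetime.fromisoformat(ts), pvt, pub, int(pub_port), dst, int(dst_port)

def find_subscriber(src_ip, src_port, dst_ip, dst_port, when,
                    window=timedelta(seconds=60)):
    """Resolve the requested public tuple to (username, MAC, private IP) matches."""
    when = datetime.fromisoformat(when)
    # Step 1: NAT log lookup. The same public IP:port is reused over time, so the
    # destination and the timestamp are both needed to pick the right mapping.
    hits = [(ts, pvt) for ts, pvt, pub, pport, dst, dport in parse_nat(NAT_LOG)
            if (pub, pport, dst, dport) == (src_ip, src_port, dst_ip, dst_port)
            and abs(ts - when) <= window]
    # Step 2: find the accounting session that held that private IP at that time.
    results = []
    for ts, pvt in hits:
        for user, ip, mac, start, stop in SESSIONS:
            started = datetime.fromisoformat(start)
            stopped = datetime.fromisoformat(stop) if stop else datetime.max
            if ip == pvt and started <= ts <= stopped:
                results.append((user, mac, pvt))
    return results
```

The window only tolerates small clock differences between the router and the requesting party; router, syslog server and RADIUS database need synchronized time for the match to be reliable.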

Here’s a way to track connections using Mikrotik and Syslog:

Does that answer your use case, or do you still prefer it integrated on the RADIUS side?