The Internet Protocol Detail Record (IPDR) standardizes the collection of many kinds of data from network infrastructure, including network sources such as modems and other IP devices. IPDR may give improved visibility into network activity. IPDR supporters say it is more efficient and scalable than SNMP (Simple Network Management Protocol). It is particularly valuable for forensic investigations and suspect tracing, and it can be useful to police.
IPDR logs contain various fields that reveal the details of a user's internet activity. These include:
- Calling/Called Mobile Number
- Session’s Duration
- Start and End Time of Session
- Size of Data transferred in the session
- Internet / External IP address of user IPv4 or IPv6
- User’s Port Number
- ID and Location of Cell Tower
- Protocol and Service used
- Azimuth Angle of user’s device from cell tower
With the influx of cutting-edge technological developments in the cyber sector and the emergence of a new breed of cyber threats, the need to update the existing guidelines and protocols governing various aspects of the internet has resurfaced.
Recent changes to IPDR Guidelines
a. Addition of new parameters: The revised format revoked the form No. 820-01/98-LR/Vol.(IX) Pt. I of 2013 and added more criteria to the pool of user information in IPDR, bringing the number of parameters to 16. As per the latest amendments of 2021, the IPDR must contain the following user details:
- Name of individual / Organization
- Contact No.
- Alternate Contact No.
- Email ID
- Landline MSISDN/MDN/Leased circuit ID for internet access
- User ID for internet access based on authentication
- Source IP address with Source Port in case of NATing
- Static/ Dynamic IP Address Allocation
- Destination IP with destination port
- IP Allocation Start Date/ Time in IST format
- IP Allocation End Date/ Time in IST format
- Source MAC Address/ Device ID No./Virtual MAC Address
- IMSI and SIM type
- Additional parameters to be fed into the SYSLOG (System Logging Protocol) of the network address translation (NAT) used to access the internet. These include:
  - Start Date
  - End Date
  - Source IP Address
  - Source Port
  - Translated IP address
  - Translated Port
  - Destination IP Address
  - Destination port
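Why all eight NAT parameters are needed for tracing, shown as an added example that is not part of the original article or of any DoT specification: a translated IP and port can be reused by different subscribers, so attribution needs the start and end times as well. The CSV layout, column names, use of IST for NAT log times and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

IST = timezone(timedelta(hours=5, minutes=30))  # assumed: NAT log times kept in IST
# The eight NAT SYSLOG parameters listed above; these column names are assumed.
FIELDS = ["start", "end", "src_ip", "src_port",
          "nat_ip", "nat_port", "dst_ip", "dst_port"]
PORTS = ("src_port", "nat_port", "dst_port")

# Constructed sample records (documentation address ranges, not real data).
SAMPLE_LOG = """\
2022-04-01T10:00:00,2022-04-01T10:05:00,10.0.0.11,40001,203.0.113.5,61000,198.51.100.7,443
2022-04-01T10:06:00,2022-04-01T10:09:00,10.0.0.42,51515,203.0.113.5,61000,198.51.100.7,443
2022-04-01T10:07:00,,10.0.0.13,40002,203.0.113.5,61001,198.51.100.9,80
"""

def to_ist(value):
    """Parse an ISO timestamp and tag it as IST."""
    return datetime.fromisoformat(value).replace(tzinfo=IST)

def parse_nat_log(text):
    """Return (valid_records, rejected_line_numbers)."""
    records, rejected = [], []
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        rec = dict(zip(FIELDS, row))
        try:
            # A record missing any parameter cannot support attribution.
            if len(row) != len(FIELDS) or not all(row):
                raise ValueError("incomplete record")
            rec["start"], rec["end"] = to_ist(rec["start"]), to_ist(rec["end"])
            for key in PORTS:
                rec[key] = int(rec[key])
        except ValueError:
            rejected.append(lineno)
            continue
        records.append(rec)
    return records, rejected

def attribute(records, nat_ip, nat_port, when):
    """Return internal (src_ip, src_port) pairs mapped to nat_ip:nat_port at `when`."""
    return [(r["src_ip"], r["src_port"]) for r in records
            if (r["nat_ip"], r["nat_port"]) == (nat_ip, nat_port)
            and r["start"] <= when <= r["end"]]
```

In the sample, the same translated address and port resolve to two different internal hosts depending on the timestamp, and the record with no end date is rejected rather than guessed at.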
b. Extended period of records maintenance: Under the previous circular No. 820-/98-LR/Vol. (VIII) Part-II, issued by the Department of Telecommunications on April 13, 2021, all Internet service providers (ISPs) were required to keep all commercial records, call detail records (CDR), exchange detail records (EDR), and Internet protocol detail records (IPDR) pertaining to communications exchanged on their network for at least one year, for examination by the government for security reasons, before destroying them.
The DoT changed the previous rules in December 2021. Under Circular No. 20-271/2010 AS-I Vol. (III), issued by the Department of Telecommunications on December 21, 2021, all ISPs must now keep all commercial records, Call Detail Records (CDR), Exchange Detail Records (EDR), and Internet Protocol Detail Records (IPDR) pertaining to the communications exchanged on their network for at least two years for government scrutiny for security reasons before destroying them, unless otherwise directed.
Other than individual subscribers, Internet service providers and UASL (Unified Access Service License)/CMTS (Cellular Mobile Telephone Service)/UL (Unified License) (AS)/UL Licensees must inform their users about the need to record and retain NAT SYSLOG parameters for any NAT mechanism they may have used to enable access to the internet through an internet connection. They must likewise comply with this request from the Service Providers. The updated format came into effect on March 31, 2022.
Author: Mr. Shrey Madaan, Research Associate, CyberPeace Foundation