Educause Security Discussion mailing list archives
Re: Sniffer notification
From: Cal Frye <cjf () CALFRYE COM>
Date: Tue, 23 Mar 2004 12:42:58 -0500
Doug Sandford wrote:
So are you saying that the decision to begin the sniffer process was validated due to network load concerns rather than something else? I'm not saying that that is bad form, mind you. Any action is better than none at all. I am however curious about the circumstances that have led organizations to bite the proverbial bullet and begin sniffing.
I'm not sure I follow the distinction you're making. I'm talking about a very limited use of our Sniffer to tease out the exact sequence of packets establishing and maintaining the conversation between the student's client and our server -- a task no other tool can really do. I'm not proposing an extended or routine practice of packet capturing on an ongoing basis.
Additionally, do any of you by policy differentiate between sniffing, monitoring and scanning? They are sometimes lumped in together often, I suspect, to justify any or all of these processes.
Our policies are pretty nebulous, mostly by design. Nonetheless, good practice calls for "better behaviour" than our policies require. Our students' understanding of our AUP (polling a few standing around the department) expects us to routinely monitor, occasionally scan, and sniff in emergencies only. I would guess more naive students (those not likely to hang about the Computing Center) to not understand the possibility of sniffing at all, hence my original question and obligation to notify students explicitly before we sniff their traffic, even when they originated the complaint leading us to that measure.

--Cal Frye, Network Administrator, Oberlin College
www.ouuf.org, www.calfrye.com
"Everything that's done by the government is done in your name. You are responsible whether you like it or not." -- Helen Thomas.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.