Educause Security Discussion mailing list archives
Re: P2P File Sharing and Copiers Causing Multicast Storms; MDNS issues
From: jack suess <jack () UMBC EDU>
Date: Thu, 15 Sep 2005 22:24:12 -0400
Andrew,

We make heavy use of VLANs at UMBC. Every building network is designed to have multiple independent VLANs. We put all printers on a separate VLAN that can't leave campus or be connected to from off campus (without using the VPN). We also put all HVAC on a separate VLAN and limit off-campus access to the vendors we deal with for remote monitoring/support of HVAC. We also have separate VLANs for all our "campus card" networked vending machines/cash registers/etc.

The biggest hassle in doing this work was working with all the departments and getting all the network printers configured with the new IP addresses associated with the printer VLAN. For the really large school that is highly decentralized, that may be an intractable problem.

jack suess, VP of Information Technology, UMBC

On Sep 14, 2005, at 9:35 PM, Andrew Watson wrote:
We had some strange and troublesome network problems during the first week of classes at CC. It appears that someone within our community was doing covert P2P file sharing by routing traffic (Gnutella music and video files) through networked Xerox copiers and HVAC controllers. This resulted in a severe multicast storm that completely saturated our campus network, and caused most devices connected to the network to lock up and crash.

We discovered this with the help of a Boulder-based network security firm and have since found a considerable amount of information about copier security vulnerabilities, e.g., www.cfo.com/article.cfm/3013471?f=related.

Cisco and our copier manufacturer are helping with the analysis of our data traces but I thought it would be worth asking just a few questions:

1. Have any of you experienced anything like this?
2. If so, how did you combat or fix the problem?
3. Do you know of any other applications that could be causing this problem?

On a possibly related note, we have seen a substantial increase in MDNS traffic on campus since school started. During the summer, these traffic levels are typically less than 1% of all campus network traffic. Now it is about 50%, and growing. Our traces indicate that all of this traffic is from Rendezvous (Bonjour) on mostly Macintosh computers. Does anyone know of an easy way to manage or control this traffic?

Thanks for your help!

Andrew Watson
Sr. Systems Administrator
The Colorado College
14 E. Cache La Poudre St.
Armstrong Hall, 1A
Colorado Springs, CO 80903
Phone: 719-389-6733
Fax: 719-389-6733