Educause Security Discussion mailing list archives
Re: Large edu's doing NAT campus wide?
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Mon, 30 Apr 2007 09:38:37 +1200
Joe St Sauver wrote:
On the other hand, I think there may be a growing number of instances when an IP address plus a time stamp and time zone map to a few hundred (or thousand) individuals, and reducing the size of that set any further can only be done if you have access to log files, etc. Examples include: -- campus wide NATs using just one (or a small number of) shared public gateway address
We are using NAT for our resnet and this drove me nuts until I moved sensors into the network itseslf
-- large shell account hosts (we could talk about identd I suppose)
We used to have these and go arond the problem by forcing traffic through a proxy which used inetd
-- traffic from campus proxy servers (we could talk about things like HTTP_X_FORWARDED_FOR when it is used, I suppose)
I hate squid logs :( I've had a couple of half hearted attempts to write scripts that matched Snort alerts to squid logs to track down machines infected by spyware. Both times i've given up before producing something useful (clocks never match exactly :(). How do folk cope with dynamic dhcp ? At the moment we generally use static addressing but our network management really like the idea of not having to keep track of IP address allocations... With our wireless setup I've got stuff in database which can be queiried but it isn't that fast. If someone has come up with a schema and queries that can identify who was using an IP at a particular time from table of dhcp and radius records *without* having to sort multiple results then I'd love to have it :) Russell.
Current thread:
- Large edu's doing NAT campus wide? Joe St Sauver (Apr 28)
- <Possible follow-ups>
- Re: Large edu's doing NAT campus wide? Scott O. Bradner (Apr 28)
- Re: Large edu's doing NAT campus wide? Randy Marchany (Apr 28)
- Re: Large edu's doing NAT campus wide? Randall C Grimshaw (Apr 29)
- Re: Large edu's doing NAT campus wide? Jeff Murphy (Apr 29)
- Re: Large edu's doing NAT campus wide? Joe St Sauver (Apr 29)
- Re: Large edu's doing NAT campus wide? Chris Allison (Apr 29)
- Re: Large edu's doing NAT campus wide? Kenneth Arnold (Apr 29)
- Re: Large edu's doing NAT campus wide? Russell Fulton (Apr 29)
- Re: Large edu's doing NAT campus wide? Cal Frye (Apr 29)
- Re: Large edu's doing NAT campus wide? Jeff Kell (Apr 29)
- Large edu's doing NAT campus wide? Marcos Vieyra (Apr 30)
- Re: Large edu's doing NAT campus wide? Clifford Collins (Apr 30)
- Re: Large edu's doing NAT campus wide? Justin Azoff (Apr 30)
- Re: Large edu's doing NAT campus wide? Roger Safian (Apr 30)
- Re: Large edu's doing NAT campus wide? Brian Paige (Apr 30)
- Re: Large edu's doing NAT campus wide? John Ladwig (Apr 30)
- Re: Large edu's doing NAT campus wide? John Ladwig (Apr 30)
- Re: Large edu's doing NAT campus wide? Kevin Shalla (May 02)
(Thread continues...)