Educause Security Discussion mailing list archives

Re: RIAA Timestamps Off


From: Alex Everett <alex.everett () UNC EDU>
Date: Wed, 3 Oct 2007 11:29:32 -0400

Greg:

Peers behind a NAT (many-to-one) device can still share infringing material
or make it available to others. There are good articles on the net on how
P2P apps traverse NAT networks. In some cases, this was done through the use
of supernodes or ultrapeers which act as an intermediary.

Reference:
http://www.brynosaurus.com/pub/net/p2pnat/

Alex Everett, CISSP
ITS Security
University of North Carolina

-----Original Message-----
From: Scholz, Greg [mailto:gscholz () KEENE EDU]
Sent: Wednesday, October 03, 2007 11:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Timestamps Off

With fear of pulling this conversation off topic, I was under the impression
that if you were NATing (unless you had a one for one for the whole network)
machines could not be publicly reachable servers.  If the IP address to
reach a specific machine is not specifically assigned how does an Internet
client reach them?

Couple that with the wording on every DMCA notice I have seen "a computer on
your network is making infringing material available for download" (not "has
downloaded").

So how/why are you schools that are NATing getting these notices? I
completely understand that your students can continue to download but how
can they be the source?  Is it that they are "offering it to the world" when
they login to their P2P network but they never really are reachable. That
sounds more plausible.

And then I would have the concern that they can download to their heart's
content but can never be found which IMHO is not a good "educational"
perspective.

_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070

--Lead, follow, or get out of the way.
(author unknown)

-----Original Message-----
From: Dennis Bohn [mailto:BOHN () ADELPHI EDU]
Sent: Tuesday, October 02, 2007 7:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Timestamps Off

We have many-to-one NATs in our Resnet (vendor C would call this PAT.) To ID
the user we must verify each notice with our logs.  If there was no flow
matching the allegation in terms of time, source and destination IP address
and port, the case is unsubstantiated.  This has happened less frequently in
the past year than previously, but has still happened.  Of course, if the
complaint is substantiated, action is taken.

Best,
dennis


dennis bohn
network manager
5168773327
<message fabricated with 100% recycled electrons>
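
The log check described in the last message above (match a notice to a PAT flow on time, source and destination IP address and port), as an added example that is not code from any participant in this thread. The record layout, the names `Flow`, `Notice` and `verify`, the clock-skew tolerance and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Flow(NamedTuple):
    start: datetime
    end: datetime
    inside_ip: str    # private ResNet address before translation
    public_ip: str    # translated source address
    public_port: int  # translated source port
    dst_ip: str
    dst_port: int

class Notice(NamedTuple):
    when: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample records (documentation address ranges), all in UTC.
# The second flow reuses the same public port for a different inside host.
FLOWS = [
    Flow(ts("2007-10-01 14:00:00"), ts("2007-10-01 14:05:00"),
         "10.20.1.15", "192.0.2.10", 40001, "198.51.100.7", 6346),
    Flow(ts("2007-10-01 14:07:00"), ts("2007-10-01 14:12:00"),
         "10.20.3.99", "192.0.2.10", 40001, "198.51.100.7", 6346),
    Flow(ts("2007-10-01 13:00:00"), ts("2007-10-01 13:30:00"),
         "10.20.2.8", "192.0.2.10", 40002, "203.0.113.5", 6881),
]

def verify(notice: Notice, flows, skew=timedelta(0)):
    """Return ("substantiated", inside_ip) only if exactly one inside host
    held the alleged 4-tuple at the alleged time, allowing +/- skew."""
    key = (notice.src_ip, notice.src_port, notice.dst_ip, notice.dst_port)
    hosts = {f.inside_ip for f in flows
             if (f.public_ip, f.public_port, f.dst_ip, f.dst_port) == key
             and f.start - skew <= notice.when <= f.end + skew}
    if len(hosts) == 1:
        return ("substantiated", hosts.pop())
    # No matching flow, or port reuse makes the match ambiguous.
    return ("unsubstantiated", None)

if __name__ == "__main__":
    n = Notice(ts("2007-10-01 14:05:20"), "192.0.2.10", 40001, "198.51.100.7", 6346)
    for s in (0, 30, 300):
        print(s, verify(n, FLOWS, timedelta(seconds=s)))
```

With the sample data, a 30-second tolerance identifies one inside host, while a 5-minute tolerance spans the port reuse and the notice can no longer be tied to a single machine.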
