Re: DMCA and NAT

["hall, rand" <rand () MERRIMACK EDU>]

It only takes us about 10 minutes to process a takedown request. We get a
couple per week--which is mostly our own fault because our education
program is minimal.

I would imagine that processing time is largely related to your
infrastructure and available tools.

Rand

On Wed, Nov 30, 2011 at 10:39 AM, SCHALIP, MICHAEL <mschalip () cnm edu> wrote:

> Has anyone gone as far as trying to calculate the “cost per incident” of
> having to respond to something like this?  While it’s almost always **
> possible** to track something like this down to a 95% certainty, (given
> enough time and FTE funding to HAVE someone do this!?)……what is it costing
> our institutions to respond to these kinds of things??  Even if it only
> takes 1-2 hours to come up with this 95% certainty – what is that 1-2 hours
> costing us over the course of a year?  Surely someone has already
> calculated this….??****
>
> ** **
>
> M****
>
> ** **
>
> *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
> SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *hall, rand
> *Sent:* Wednesday, November 30, 2011 8:10 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] DMCA and NAT****
>
> ** **
>
> Kevin,****
>
> ** **
>
> We generate copious NAT logs off our firewall (Cisco ASA) and compress the
> crap out of them nightly. Doable.****
>
> ** **
>
> When we get a takedown notice we decompress the log for the day in
> question and and grep the IP/port combo. By and large, the time is right on
> target (well within a minute). That log file entry goes in the evidence
> pile.[The only requests We've had trouble with are ARES requests from RIAA.
> I've repeatedly offered to work with them to figure out why they're broken.
> Crickets.]****
>
> ** **
>
> We look at our NAC (Impulse) records to see who owned the internal address
> at that time. We grab a pretty screenshot and add it to the evidence pile.
> ****
>
> ** **
>
> If the address is from an internal wireless (Meraki) pool we look for
> layer 7 evidence of P2P use. If we see any we grab a pretty screenshot and
> add it to the evidence pile.****
>
> ** **
>
> If the identified machine is currently on the network we'll look for live
> evidence of P2P traffic on our bandwidth shaper (Procera).  If we see any
> we grab a pretty screenshot and add it to the evidence pile.****
>
> ** **
>
> Once the evidence is compiled we forward the takedown notice and evidence
> to the student. In our cover letter we are charitable and suggest that,
> perhaps, they don't realize that they are sharing the file and ask them to
> disable access to the file. We offer to further explain, to assist in
> disabling access, and to accept that they actually have copyright holder's
> permission to share the file. We ask them to help the college maintain its
> online reputation.****
>
> ** **
>
>            ****
>
> Rand****
>
>  ****
>
> Rand P. Hall****
>
> Director, Network Services                 askIT!****
>
> Merrimack College****
>
> 978-837-3532****
>
> rand.hall () merrimack edu****
>
>
>
> ****
>
> On Tue, Nov 29, 2011 at 10:42 AM, Kevin Halgren <
> kevin.halgren () washburn edu> wrote:****
>
> Looking at the current discussion on DMCA notices, I was wondering how
> those of you using NAT handle associating a DMCA notice with a particular
> client system.  This continues to be a challenge for us.
>
> Kevin****
>
> ** **
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean. ****
>
> --
> This message has been scanned for viruses and
> dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
> believed to be clean.