Re: DMCA and NAT

[Brian Helman <bhelman () SALEMSTATE EDU>]

And that 10 minutes could be reduced to 1-2 if the complaints contained the needed information.  If the RIAA/MPAA want 
our assistance, they should give us the information we need.  This is why SOPA is so dangerous.  The RIAA/MPAA will 
have no responsibility in protecting their "own" IP... including incurring none of the enforcement costs.

All in all, I believe higher ed wants to act responsibly, but the more the (recording/movie) industry pushes, the more 
I want to push back (anyone else have that StarWars Death Star scene and the line "the more you tighten your grip, the 
more they slip through your fingers" stuck in your head now?  Ok, me neither.  Never seen it.).

/soapbox.

-Brian

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of hall, 
rand
Sent: Wednesday, November 30, 2011 11:22 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DMCA and NAT

It only takes us about 10 minutes to process a takedown request. We get a couple per week--which is mostly our own 
fault because our education program is minimal.

I would imagine that processing time is largely related to your infrastructure and available tools.

Rand
On Wed, Nov 30, 2011 at 10:39 AM, SCHALIP, MICHAEL <mschalip () cnm edu<mailto:mschalip () cnm edu>> wrote:
Has anyone gone as far as trying to calculate the "cost per incident" of having to respond to something like this?  
While it's almost always *possible* to track something like this down to a 95% certainty, (given enough time and FTE 
funding to HAVE someone do this!?)......what is it costing our institutions to respond to these kinds of things??  Even 
if it only takes 1-2 hours to come up with this 95% certainty - what is that 1-2 hours costing us over the course of a 
year?  Surely someone has already calculated this....??

M

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>] On Behalf Of hall, rand
Sent: Wednesday, November 30, 2011 8:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] DMCA and NAT

Kevin,

We generate copious NAT logs off our firewall (Cisco ASA) and compress the crap out of them nightly. Doable.

When we get a takedown notice we decompress the log for the day in question and and grep the IP/port combo. By and 
large, the time is right on target (well within a minute). That log file entry goes in the evidence pile.[The only 
requests We've had trouble with are ARES requests from RIAA. I've repeatedly offered to work with them to figure out 
why they're broken. Crickets.]

We look at our NAC (Impulse) records to see who owned the internal address at that time. We grab a pretty screenshot 
and add it to the evidence pile.

If the address is from an internal wireless (Meraki) pool we look for layer 7 evidence of P2P use. If we see any we 
grab a pretty screenshot and add it to the evidence pile.

If the identified machine is currently on the network we'll look for live evidence of P2P traffic on our bandwidth 
shaper (Procera).  If we see any we grab a pretty screenshot and add it to the evidence pile.

Once the evidence is compiled we forward the takedown notice and evidence to the student. In our cover letter we are 
charitable and suggest that, perhaps, they don't realize that they are sharing the file and ask them to disable access 
to the file. We offer to further explain, to assist in disabling access, and to accept that they actually have 
copyright holder's permission to share the file. We ask them to help the college maintain its online reputation.


Rand

Rand P. Hall
Director, Network Services                 askIT!
Merrimack College
978-837-3532
rand.hall () merrimack edu<mailto:rand.hall () merrimack edu>

On Tue, Nov 29, 2011 at 10:42 AM, Kevin Halgren <kevin.halgren () washburn edu<mailto:kevin.halgren () washburn edu>> 
wrote:
Looking at the current discussion on DMCA notices, I was wondering how those of you using NAT handle associating a DMCA 
notice with a particular client system.  This continues to be a challenge for us.

Kevin



--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.

--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.