Educause Security Discussion mailing list archives
Re: Blocking p2p traffic
From: Robert Lau <rslau () USC EDU>
Date: Fri, 3 May 2013 19:34:42 +0000
We are using Fortinet 10gig blades to rate limit or block P2P on selected networks. But P2P traffic on those networks has rapidly declined over the past year. Streaming overtook P2P a while ago (several orders of magnitude more traffic). Why wait X minutes to download a movie when you can watch it instantly? However, if your uplink cannot support multiple simultaneous HD streams, then people may need to resort to P2P downloading. Based on our experience, and conversations with certain entities, we know that rate limiting does not eliminate DMCA notices. The companies that send the notices use various detection techniques (monitoring tracker activity, seeding trojan content, etc.) It does not matter if a client is only down/uploading at 100kbps, the fact that they are participating at all can be enough to trigger the warning. To people who have recently installed tech and saw a decrease in DMCA notices, I suspect that is due more to the death of P2P rather than the effectiveness of the tech. -robert From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Curry Sent: Thursday, May 02, 2013 13:31 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Blocking p2p traffic We currently have an aging Packeteer whose sole remaining purpose in life is to "shape" peer-to-peer file sharing traffic (BitTorrent and friends) down to zero, thus keeping us from receiving DMCA takedown requests. It's worked well at this for several years, but now we're starting to max it out as far as licensed bandwidth goes, and we're not inclined to spend more money on such an old device. So... we're in the market for something new, and thought we'd ask what other schools are using. From a bit of research it looks like Procera and Exinda are still in that space; A10 has a product on their website still, but it doesn't look like there's much focus on it anymore (maybe we're wrong). Juniper SRX firewalls (which we own) have some capabilities in this space via their AppID stuff; we'd be interested in hearing from anyone using them for that purpose. And yes, we know that Palo Alto firewalls can do it -- but we don't have Palo Altos and have no plans to purchase them anytime soon, so that's not really an option for us. If you're using something OTHER THAN a Palo Alto firewall to block/limit/reduce peer-to-peer traffic: * What product are you using? * What are you doing with peer-to-peer (blocking, limiting, etc.) * How well is it working? * Do you like it? After responses taper off, I'll summarize back to the list. Thanks, --Dave -- DAVID A. CURRY, CISSP € DIRECTOR OF INFORMATION SECURITY THE NEW SCHOOL € 55 W. 13TH STREET € NEW YORK, NY 10011 +1 212 229-5300 x4728 € david.curry () newschool edu<mailto:david.curry () newschool edu>
Current thread:
- Blocking p2p traffic David Curry (May 02)
- Re: Blocking p2p traffic Russ Leathe (May 02)
- Re: Blocking p2p traffic Coffman, Tobiah (May 03)
- Re: Blocking p2p traffic David Curry (May 07)
- Re: Blocking p2p traffic Santabarbara, Angelo (May 07)
- Re: Blocking p2p traffic John Ladwig (May 07)
- Re: Blocking p2p traffic Miller,James R (May 07)
- Re: Blocking p2p traffic Leo Song (May 07)
- Re: Blocking p2p traffic David Curry (May 07)
- Re: Blocking p2p traffic Santabarbara, Angelo (May 07)
- <Possible follow-ups>
- Re: Blocking p2p traffic Robert Lau (May 03)
- Re: Blocking p2p traffic Russ Leathe (May 02)