Educause Security Discussion mailing list archives
Re: How do you handle the P2P problem?
From: Peter Charbonneau <Peter.Charbonneau () WILLIAMS EDU>
Date: Thu, 13 Nov 2003 07:42:41 -0500
We are a fully switched Cisco campus. We have been using CiscoWorks to locate people (CampusManager); given that polling takes place every 2 hours, this is not a good solution for mobility. We have created a "home-grown" Perl and PHP poller that polls all 350 switches every 15 minutes; we use the dynamic arp cache in the core 6509's to map MAC to IP address - voila - instant locator. We also use Snort. WE DO get quite a number of false positives; however, I have NEVER seen false positives for the P2P users. If you turn on the P2P rules, I think you will find the IPs of the violators. Out legal counsel has told us that if we ban P2P, and anything "slips" through, then we are liable AS A CAMPUS. HTH, PeteC ************************************************************************* Peter Charbonneau Williams College Sr. Network and Systems Administrator Office for Information Technology Jesup Hall Room 112 22 Lab Campus Drive (413) 597-3408 (Phone) Williamstown, MA 01267 (413) 597-4103 (Fax) Peter.Charbonneau () williams edu ************************************************************************* -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Clyde Hoadley Sent: Wednesday, November 12, 2003 1:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] How do you handle the P2P problem? I'm looking for simple and low cost solutions to some difficult problems. How do you accurately detect illegal peer-to-peer file sharing activity? How do you accurately identify and locate a user who is engaging in illegal peer-to-peer file sharing? Metro State does have some problems with illegal peer-to-peer file sharing however, we are solely a commuter campus. We do not have dormitories etc... to support. So, our P2P problem probably isn't as big as some other institutions P2P problems. Most of our network uses DHCP addresses. We are not using MAC address authorization at this time. We have a single Internet gateway. We are doing Ingress filtering - permitting incoming connections for specific port/protocols to specific hosts. We do limited Egress filtering - permitting almost any outgoing connection. We also have SNORT watching the gateway traffic but have most of the rules turned off due to the high volume of false positives. We could deny high port to high port connections but that would also stop a lot of very legitimate traffic. We have not received any subpoenas but we do occasionally receive an Email notice of Copyright infringement. How are the rest of you dealing with the illegal peer-to-peer file sharing problem? -- Clyde Hoadley Security & Disaster Recovery Coordinator Division of Information Technology Metropolitan State College of Denver hoadleyc () mscd edu http://clem.mscd.edu/~hoadleyc/ (303) 556-5074 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- How do you handle the P2P problem? Clyde Hoadley (Nov 12)
- <Possible follow-ups>
- Re: How do you handle the P2P problem? Steve Bernard (Nov 12)
- Re: How do you handle the P2P problem? Peter Charbonneau (Nov 13)
- Re: How do you handle the P2P problem? Mark Poepping (Nov 13)
- Re: How do you handle the P2P problem? Bradford B. Saul (Nov 13)
- Re: How do you handle the P2P problem? Dan Updegrove (Nov 13)
- Re: How do you handle the P2P problem? Bob Kalal (Nov 13)
- Re: How do you handle the P2P problem? Bruhn, Mark S. (Nov 13)
- Re: How do you handle the P2P problem? Bob Kalal (Nov 13)
- Re: How do you handle the P2P problem? Wada, Kent (Nov 13)
- Re: How do you handle the P2P problem? Bob Kalal (Nov 13)
- Re: How do you handle the P2P problem? Bruce Purcell (Nov 13)
- Re: How do you handle the P2P problem? Dan Updegrove (Nov 14)
(Thread continues...)