Educause Security Discussion mailing list archives
P2P File Sharing and Copiers Causing Multicast Storms; MDNS issues
From: Andrew Watson <Andrew.Watson () COLORADOCOLLEGE EDU>
Date: Wed, 14 Sep 2005 19:35:01 -0600
We had some strange and troublesome network problems during the first week of classes at CC. It appears that someone within our community was doing covert P2P file sharing by routing traffic (Gnutella music and video files) through networked Xerox copiers and HVAC controllers. This resulted in a severe multicast storm that completely saturated our campus network, and caused most devices connected to the network to lock up and crash. We discovered this with the help of a Boulder-based network security firm and have since found a considerable amount of information about copier security vulnerabilities, e.g., www.cfo.com/article.cfm/3013471?f=related. Cisco and our copier manufacturer are helping with the analysis of our data traces but I thought it would be worth asking just a few questions: 1. Have any of you experienced anything like this? 2. If so, how did you combat or fix the problem? 3. Do you know of any other applications that could be causing this problem? On a possibly related note, we have seen a substantial increase in MDNS traffic on campus since school started. During the summer, these traffic levels are typically less than 1% of all campus network traffic. Now it is about 50%, and growing. Our traces indicate that all of this traffic is from Rendezvous (Bonjour) on mostly Macintosh computers. Does anyone know of an easy way to manage or control this traffic? Thanks for your help! Andrew Watson Sr. Systems Administrator The Colorado College 14 E. Cache La Poudre St. Armstrong Hall, 1A Colorado Springs, CO 80903 Phone: 719-389-6733 Fax: 719-389-6733
Current thread:
- P2P File Sharing and Copiers Causing Multicast Storms; MDNS issues Andrew Watson (Sep 14)