Educause Security Discussion mailing list archives

P2P File Sharing and Copiers Causing Multicast Storms; MDNS issues


From: Andrew Watson <Andrew.Watson () COLORADOCOLLEGE EDU>
Date: Wed, 14 Sep 2005 19:35:01 -0600

We had some strange and troublesome network problems during the first week
of classes at CC.  It appears that someone within our community was doing
covert P2P file sharing by routing traffic (Gnutella music and video
files) through networked Xerox copiers and HVAC controllers.  This
resulted in a severe multicast storm that completely saturated our campus
network, and caused most devices connected to the network to lock up and
crash.  We discovered this with the help of a Boulder-based network
security firm and have since found a considerable amount of information
about copier security vulnerabilities, e.g.,
www.cfo.com/article.cfm/3013471?f=related.  Cisco and our copier
manufacturer are helping with the analysis of our data traces but I
thought it would be worth asking just a few questions:

 

1.  Have any of you experienced anything like this?

2.  If so, how did you combat or fix the problem?

3.  Do you know of any other applications that could be causing this
problem?

 
On a possibly related note, we have seen a substantial increase in MDNS
traffic on campus since school started.  During the summer, these traffic
levels are typically less than 1% of all campus network traffic.  Now it
is about 50%, and growing.  Our traces indicate that all of this traffic
is from Rendezvous (Bonjour) on mostly Macintosh computers.  Does anyone
know of an easy way to manage or control this traffic?
 

Thanks for your help!

 


Andrew Watson 
Sr. Systems Administrator
The Colorado College
14 E. Cache La Poudre St.
Armstrong Hall, 1A
Colorado Springs, CO 80903
Phone: 719-389-6733
Fax: 719-389-6733
