Re: P2P File Sharing and Copiers Causing Multicast Storms; MDNS issues

[jack suess <jack () UMBC EDU>]

Andrew,

We make heavy use of vlan's at UMBC. Every building network is
designed to have multiple independent vlans.

We put all printers on a separate Vlan that can't leave campus or be
connected to from off campus (without using the vpn).

We also put all HVAC on a separate vlan and limit off-campus access
to the vendors we deal with for remote monitoring/support of HVAC.

We also have a separate vlan's for all our "campus card" networked
vending machines/cash registers/etc.

The biggest hassle in doing this is work was working with all the
departments and getting all the network printers configured with the
new ip addresses associated with the printer vlan. For the really
large school that is highly decentralized that may be an intractable
problem.

jack suess, VP of Information Technology, UMBC

On Sep 14, 2005, at 9:35 PM, Andrew Watson wrote:

> We had some strange and troublesome network problems during the
> first week
> of classes at CC.  It appears that someone within our community was
> doing
> covert P2P file sharing by routing traffic (Gnutella music and video
> files) through networked Xerox copiers and HVAC controllers.  This
> resulted in a severe multicast storm that completely saturated our
> campus
> network, and caused most devices connected to the network to lock
> up and
> crash.  We discovered this with the help of a Boulder-based network
> security firm and have since found a considerable amount of
> information
> about copier security vulnerabilities, e.g.,
> www.cfo.com/article.cfm/3013471?f=related.  Cisco and our copier
> manufacturer are helping with the analysis of our data traces but I
> thought it would be worth asking just a few questions:
>
>
>
> 1.  Have any of you experienced anything like this?
>
>
>
> 2.  If so, how did you combat or fix the problem?
>
>
>
> 3.  Do you know of any other applications that could be causing this
> problem?
>
>
> On a possibly related note, we have seen a substantial increase in
> MDNS
> traffic on campus since school started.  During the summer, these
> traffic
> levels are typically less than 1% of all campus network traffic.
> Now it
> is about 50%, and growing.  Our traces indicate that all of this
> traffic
> is from Rendezvous (Bonjour) on mostly Macintosh computers.  Does
> anyone
> know of an easy way to manage or control this traffic?
>
>
> Thanks for your help!
>
>
>
>
> Andrew Watson
> Sr. Systems Administrator
> The  Colorado College
> 14 E. Cache La Poudre St.
> Armstrong Hall, 1A
> Colorado Springs, CO 80903
> Phone: 719-389-6733
> Fax: 719-389-6733