Educause Security Discussion mailing list archives
Re: classifying P2P traffic
From: Alex <alex.everett () UNC EDU>
Date: Tue, 29 Jan 2008 11:34:47 -0500
Jason:

Your email mentioned monitoring, not necessarily taking some action. Also, I don't think monitoring notices is the best strategy for determining success.

Some of the newer applications present challenges for accurately implementing some policy (like rate-limit or block ares-warez). It is difficult to accurately identify every flow for some of these applications. Many of these applications support many protocols. Limewire supports TLS, and Ares-Warez has supported some form of encrypted communications for some time.

At University of North Carolina, we use TippingPoint intrusion prevention systems for enforcing a peer-to-peer policy. TippingPoint has been very helpful and worked with us, especially with the latest version of LimeWire. However, we are still challenged with technical hurdles posed by AresWarez. It seems that only some of the flows can be accurately identified. This leaves us with blocking all the user's traffic, or letting some traffic by.

As far as monitoring alone, what we use works very well. We mainly see bittorrent, utorrent, limewire, and areswarez applications.

As an aside, what are other institutions doing for BitTorrent - an application with much more legitimate use? Anyone decided that the work involved in handling notices and possible litigation makes it not worth it?

Alex Everett, CISSP
University of North Carolina

-----Original Message-----
From: Hughes, Scott [mailto:hughess () CENTENARYCOLLEGE EDU]
Sent: Tuesday, January 29, 2008 10:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic

We are using Packeteer with great success blocking P2P traffic.

Scott C Hughes
CTO
Centenary College
Hackettstown, N.J.

-----Original Message-----
From: Consolvo, Corbett D [mailto:cc72 () TXSTATE EDU]
Sent: Tuesday, January 29, 2008 10:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic

Jason,

We are currently using Tipping Point to monitor/block which has been mostly very successful. We are also in the process of deploying Facetime's RTGuardian solution for spyware - it also has a P2P section that looks pretty sharp. If you are interested I can keep you informed of our progress on that (we just deployed it in test in a small area last night).

We think we are catching at least most P2P (based on RIAA notices :) ). Also, our traffic patterns seem pretty healthy.

Thanks,
Corbett Consolvo
Information Security Analyst
Texas State University
Cc72 () txstate edu

-----Original Message-----
From: Youngquist, Jason R. [mailto:jryoungquist () CCIS EDU]
Sent: Tuesday, January 29, 2008 8:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] classifying P2P traffic

What devices are you using to monitor P2P traffic and how well are they working for you? Is there some P2P traffic that you believe your monitoring software isn't catching? I.e., encrypted traffic, outdated P2P definitions from the vendor, etc.

Thanks.
Jason Youngquist
jryoungquist () ccis edu