Educause Security Discussion mailing list archives
Re: classifying P2P traffic - what about legit uses?
From: "Scholz, Greg" <gscholz () KEENE EDU>
Date: Tue, 29 Jan 2008 12:29:31 -0500
We blocked P2P this year and were very vocal at communicating it. We included the option to allow exceptions. I was a little concerned of a landslide of requests (read: more work creating exceptions than dealing with the original P2P issues). We were previously receiving hundreds of DMCA violation notices and customers complaining of general Internet slowness. We now receive (fingers crossed) no DMCA notices, our bandwidth dropped so we were able to up the per users rate limiting and have received one exception request. AND we have more time to troubleshoot real issues and that troubleshooting is easier because we don't have as much of a mess of P2P clouding the view. I guess at least for us we truly are providing a better service now by blocking P2P with an exception option. _________________________ Thank you, Gregory R. Scholz Director of Telecommunications Information Technology Group Keene State College (603)358-2070 --Lead, follow, or get out of the way. (author unknown) -----Original Message----- From: Randy Marchany [mailto:marchany () CANDI2 CIRT VT EDU] Sent: Tuesday, January 29, 2008 12:13 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] classifying P2P traffic - what about legit uses? Having lurked on this and other related threads over the past couple of months, I'd like to ask a few questions and make a few observations about how EDUs appear to be dealing with P2P. 1. With all of the "monitoring" and "rate limiting" strategies, how does your institution deal with legit uses of P2P? We're a land grant and our extension division may use P2P to distribute videos/sound recordings of their products to extension agents around the state. Obviously, blocking all P2P would prevent them from doing their business. Music students working on projects and putting their "product" on the net for download (legit because permission was given to distribute) is another example. 2. How many BitTorrent servers or other P2P servers are on your campus nets? What type of scanning or metrics do you collect about p2p traffic? The usual suspects like excessive traffic to/from IP address is nice but what do you do to keep tabs on "normal" P2P traffic? 3. An observation: I'm a security type and a musician. I've always thought that banning P2P traffic because of the potential "copyright" problems was like banning the US Postal Service (Fedex, UPS) because someone xeroxed a book and use them to mail the book. I don't buy the volume issue (it's much faster using P2P than USPS....duh!) because that's a smoke screen. The real issue is making sure users understand copyright issues and know what the potential penalties are. There are legit uses of P2P in our world and I don't see forcing users to jump through hoops to do real work as being an effective practice. If it's too cumbersome, they'll circumvent it. Having IPS rulesets blocks the casual user but not the determined user. I can remember not being able to download tunes from our band www site because of an arbitrary block while visiting an EDU. Never mind that it was legal (we, the copyright owners, give permission to distribute freely). The block prevented a legit use of P2P. 4. Another observation: are we taking the easy way by arbitrarily blocking P2P because a) we're short staffed b) we're lazy c) we don't have resources for user education d) we don't have upper mgt support d) we're afraid of the RIAA/MPAA e) all of the above? Shouldn't we be investing more in the short term (policy enforcement, user education, categorizing P2P traffic to id the illegal stuff)? This short term effort would eliminate a good chunk of the longer term problem. Just my .01 worth. -Randy Marchany VA Tech IT Security Office
Current thread:
- Re: classifying P2P traffic - what about legit uses? Randy Marchany (Jan 29)
- <Possible follow-ups>
- Re: classifying P2P traffic - what about legit uses? Joel Rosenblatt (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Lutzen, Karl F. (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Scholz, Greg (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Michael Hornung (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Joel Rosenblatt (Jan 29)
- Re: classifying P2P traffic - what about legit uses? David Gillett (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Harris, Michael C. (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Cal Frye (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Curt Wilson (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Tracy Mitrano (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Joel Rosenblatt (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Barbara Torney (Jan 29)
- Re: classifying P2P traffic - what about legit uses? Barbara Torney (Jan 29)
(Thread continues...)