Re: classifying P2P traffic - what about legit uses?

["Scholz, Greg" <gscholz () KEENE EDU>]

We blocked P2P this year and were very vocal at communicating it. We
included the option to allow exceptions.  I was a little concerned of a
landslide of requests (read: more work creating exceptions than dealing
with the original P2P issues).

We were previously receiving hundreds of DMCA violation notices and
customers complaining of general Internet slowness.

We now receive (fingers crossed) no DMCA notices, our bandwidth dropped
so we were able to up the per users rate limiting and have received one
exception request. AND we have more time to troubleshoot real issues and
that troubleshooting is easier because we don't have as much of a mess
of P2P clouding the view.

I guess at least for us we truly are providing a better service now by
blocking P2P with an exception option.


_________________________
Thank you,
Gregory R. Scholz
Director of Telecommunications
Information Technology Group
Keene State College
(603)358-2070
 
--Lead, follow, or get out of the way. 
(author unknown)
 
-----Original Message-----
From: Randy Marchany [mailto:marchany () CANDI2 CIRT VT EDU] 
Sent: Tuesday, January 29, 2008 12:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] classifying P2P traffic - what about legit uses?

Having lurked on this and other related threads over the past couple of 
months, I'd like to ask a few questions and make a few observations
about how 
EDUs appear to be dealing with P2P.

1. With all of the "monitoring" and "rate limiting" strategies, how does
your 
institution deal with legit uses of P2P? We're a land grant and our
extension 
division may use P2P to distribute videos/sound recordings of their
products 
to extension agents around the state.  Obviously, blocking all P2P would

prevent them from doing their business. Music students working on
projects and 
putting their "product" on the net for download (legit because
permission was 
given to distribute) is another example.

2. How many BitTorrent servers or other P2P servers are on your campus
nets? 
What type of scanning or metrics do you collect about p2p traffic? The
usual 
suspects like excessive traffic to/from IP address is nice but what do
you do 
to keep tabs on "normal" P2P traffic?

3. An observation: I'm a security type and a musician. I've always
thought 
that banning P2P traffic because of the potential "copyright" problems
was 
like banning the US Postal Service (Fedex, UPS) because someone xeroxed
a book 
and use them to mail the book. I don't buy the volume issue (it's much
faster 
using P2P than USPS....duh!) because that's a smoke screen. The real
issue is 
making sure users understand copyright issues and know what the
potential 
penalties are.  There are legit uses of P2P in our world and I don't see

forcing users to jump through hoops to do real work as being an
effective 
practice. If it's too cumbersome, they'll circumvent it. Having IPS
rulesets 
blocks the casual user but not the determined user. I can remember not
being 
able to download tunes from our band www site because of an arbitrary
block 
while visiting an EDU. Never mind that it was legal (we, the copyright
owners, 
give permission to distribute freely). The block prevented a legit use
of P2P.

4. Another observation: are we taking the easy way by arbitrarily
blocking P2P 
because a) we're short staffed b) we're lazy c) we don't have resources
for 
user education d) we don't have upper mgt support d) we're afraid of the

RIAA/MPAA e) all of the above? Shouldn't we be investing more in the
short 
term (policy enforcement, user education, categorizing P2P traffic to id
the 
illegal stuff)? This short term effort would eliminate a good chunk of
the 
longer term problem.

Just my .01 worth.

        -Randy Marchany
        VA Tech IT Security Office