Educause Security Discussion mailing list archives

Re: RIAA Notices


From: "Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>
Date: Tue, 27 Jan 2009 09:09:55 -0600

That is an excellent site Tim.

Michael Stanclift
Network Analyst
Rockhurst University

http://help.rockhurst.edu
(816) 501-4231

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Tim Cline
Sent: Tuesday, January 27, 2009 8:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Notices

Similar to others in this thread, we use log files to identify which 
device was involved in the incident and notify the individual who 
registered the device in question. We then temporarily block access to 
the network for the device in question. For a first offense, we require 
the individual to meet with administrative staff. Subsequent offenses 
are referred to the Dean of Students as Honor Code violations.

We block some P2P traffic and rate-limit others. We try to raise 
awareness of the issues through web sites (see 
http://security.unc.edu/filesharing/), through articles in local media, 
and through coordination with our ResNET group.



Regards,
Tim Cline


Tim Cline
ITS Security Analyst
ITS Security / Information Technology Services
The University of North Carolina at Chapel Hill
(919) 445-9388
Tim_Cline () unc edu

Doty, Timothy T. wrote:
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Sana
Sent: Monday, January 26, 2009 1:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] RIAA Notices

Aloha,

Not trying to hijack this thread but I think it's relative...
[snip]
2. For those who block P2P, how do you deal with distinguishing between
legitimate P2P transfers such as an ISO Linux download versus
copyrighted material?

We only block by default. In fact, this is one of the reasons we have the
automated tool for enabling P2P. Our disabling by default has as much to do
with the inordinate load it puts on the network as anything else. Another
factor is things that are "P2P-like" -- which includes (for example)
matching services used by some online games.

Oh, and to quibble ;), the ISO Linux download *is* a download of copyrighted
material. A lot (most?) of the data going across the network is copyrighted
thanks to that being automatic for qualifying works. The question really is
one of license to distribute -- and I defy anyone to come up with a
technical solution that can determine whether or not the source has a
license (or is otherwise permitted) to distribute to the recipient(s) of the
transfer.

Occasionally the argument is made that P2P is "faster" but that is really
only a specialty case, and even then it is *always* less efficient. Our
current infrastructure can handle P2P, but we had to upgrade it because of
the routing load P2P imposes. I'll take HTTP or FTP over P2P any day...

We are currently using a packet shaper to identify/throttle/block P2P in
conjunction with a CS MARS box to readily flag/identify if it believes a
P2P transaction is occurring.  From there, we can cross reference the
internal IP with Bradford to identify who the laptop is registered to
(not always necessarily the owner).  And because we NAT, I can also use
CS MARS to do a query on reverse NAT translations when the dreaded
letters come in.  This process is still currently in refinement...

Sounds like a lot of work to me. The Cisco SCE handles this transparently
for us...

Tim Doty

mike.sana.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Anand S Malwade
Sent: Monday, January 26, 2009 5:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] RIAA Notices

All,

I was wondering how other Universities deal with RIAA notices? Do you
really invest the time and effort to track down? What methodology and
tools do you use for investigation? Do you block all peer-peer traffic?

Thanks,
Anand

Anand Malwade
Information Security Officer,
Seton Hall University
malwadan () shu edu
