Educause Security Discussion mailing list archives
Re: HEOA Question
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Mon, 31 Jan 2011 10:39:41 -0500
This is a very difficult problem for a few reasons: The DMCA notices themselves include only source host on your network, time stamp and sometimes a protocol and filename. I don't think I ever see the destination, and certainly not the port or session number you'd need to decipher the NAT logs. If you have a large number of users behind the NAT address, many of them could and would be accessing the net on the same ip simultaneously and unless you knew the destination that was the culprit as well as the session to look for, you're essentially limited to looking at those hosts that transmitted during the time frame noted that were doing BitTorrent or whatever protocol they listed. Even if you have all of that information, the problem you then still have is that the time stamp they list in the email is not necessarily synchronized to your systems' time clocks so even if you take the session in your logs that is closest to the instant listed in the timestamp, how can you know that your systems aren't 3 seconds off whatever they sync to, since they do not provide the time source to which the notices correlate?. It would takes an awful lot of logging in even a relatively small environment to save the NAT data, but even when you do, you practically need to save packet payload data to find out who transmitted the file name specified in the notice. I suppose you could focus on only p2p traffic of certain types to narrow it down, but I don't know of anyone that claims to be able to do this in a many to one NAT environment with reasonably scalable efficiency and accuracy with the information provided in the notices and a resonable (per the organization) level of resources to do it with. Dexter The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> writes:
I need some input. Here at USM the students are segregated to a wireless network that is now behind a single address(NAT). This has caused a problem with responding to RIAA notices as we cannot tie the notice to a specific user on the network which in turn affect the compliance to the “Higher Education Opportunity Act” (HEOA). I am going to assume that there are other universities that use the NAT process to control traffic on their perimeter and use non-routable addresses on the internal network. Is there any tool or application I can use that will help to tie the notices back to the person without having to go back to public addressing? William (Bill) Derwostyp, CISSP, G7799, GCIH, GSNA, GSLC, GSPA, GSEC, CCNA, CCSE Technology Security Officer University of Southern Mississippi [ mailto:william.derwostyp () usm edu ]william.derwostyp () usm edu Office: 601-266-5416 [Image][Image] Confidentiality Note: The information contained in this e-mail and/or document(s) attached is for the exclusive use of the individual named above and may contain confidential, privileged, and non- disclosable information. If you are not the intended recipient, you are hereby notified that you are strictly prohibited from reading, photocopying, distributing or otherwise using this e-mail or contents in any way. If you have received this transmission in error, please notify me immediately.
Current thread:
- Re: HEOA Question, (continued)
- Re: HEOA Question Matthew Gracie (Jan 31)
- Re: HEOA Question Eme Ejike (Jan 31)
- Re: HEOA Question Kevin Wilcox (Jan 31)
- Re: HEOA Question SCHALIP, MICHAEL (Jan 31)
- Re: HEOA Question Steve Worona (Feb 01)
- Re: HEOA Question Bulanda, Dave G (Jan 31)
- Re: HEOA Question Gioia, Matthew P. (Jan 31)
- Re: HEOA Question Bulanda, Dave G (Jan 31)
- Re: HEOA Question Harry E Flowers (flowers) (Feb 02)
- Re: HEOA Question Dave Inman (Feb 03)
- Re: HEOA Question Gioia, Matthew P. (Jan 31)
- Re: HEOA Question Matthew Gracie (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Dexter Caldwell (Jan 31)
- Re: HEOA Question Jacobson, Dick (Jan 31)
- Re: HEOA Question Cal Frye (Jan 31)