Re: DMCA and NAT

["hall, rand" <rand () MERRIMACK EDU>]

Kevin,

We generate copious NAT logs off our firewall (Cisco ASA) and compress the
crap out of them nightly. Doable.

When we get a takedown notice we decompress the log for the day in question
and and grep the IP/port combo. By and large, the time is right on target
(well within a minute). That log file entry goes in the evidence pile.[The
only requests We've had trouble with are ARES requests from RIAA. I've
repeatedly offered to work with them to figure out why they're broken.
Crickets.]

We look at our NAC (Impulse) records to see who owned the internal address
at that time. We grab a pretty screenshot and add it to the evidence pile.

If the address is from an internal wireless (Meraki) pool we look for layer
7 evidence of P2P use. If we see any we grab a pretty screenshot and add it
to the evidence pile.

If the identified machine is currently on the network we'll look for live
evidence of P2P traffic on our bandwidth shaper (Procera).  If we see any
we grab a pretty screenshot and add it to the evidence pile.

Once the evidence is compiled we forward the takedown notice and evidence
to the student. In our cover letter we are charitable and suggest that,
perhaps, they don't realize that they are sharing the file and ask them to
disable access to the file. We offer to further explain, to assist in
disabling access, and to accept that they actually have copyright holder's
permission to share the file. We ask them to help the college maintain its
online reputation.


Rand

Rand P. Hall
Director, Network Services                 askIT!
Merrimack College
978-837-3532
rand.hall () merrimack edu



On Tue, Nov 29, 2011 at 10:42 AM, Kevin Halgren
<kevin.halgren () washburn edu>wrote:

> Looking at the current discussion on DMCA notices, I was wondering how
> those of you using NAT handle associating a DMCA notice with a particular
> client system.  This continues to be a challenge for us.
>
> Kevin