Educause Security Discussion mailing list archives
Re: Gaming and dorm students
From: "Loftus, Steven E" <seloftus () MCKENDREE EDU>
Date: Thu, 17 Jan 2013 17:40:05 +0000
At my location bandwidth is a serious concern due to availability - we are a small university and the local infrastructure cannot provide above about 100Mbps service. In practice we don't even need this to facilitate reliable connections and speeds with proper shaping techniques.

Our approach was to do some research on how the games actually behave in practice instead of on paper. The p2p aspect of games is usually a portion of the updater and not the game itself. The updater will also use a pre-defined port range that is manageable, usually not exceeding about 1000 ports and certainly not in the range used by p2p clients used for things like downloading music and movies. However, if you're in a limited bandwidth setting, p2p activity will kill you due to the massive overhead of that many connections being made.

We use a 3-fold approach - the first is your basic firewall using a default block rule and being somewhat liberal with how we open ports at the request of students. You'll need to do some research for them to figure out the necessary ports, but that's not a big deal.

The 2nd factor is your application filtering - getting your signature detection working right so you can see when people are using p2p. Of course the p2p won't work with a restrictive firewall, but the overhead is still there and can lead to congestion. In our case we block p2p that isn't explicitly allowed by the firewall rules. Then we send the student a scary e-mail telling them to knock it off.

The third step is just very basic shaping - as the bandwidth and connections in use go up, available bandwidth and connections allowed go down. This is quite possibly voodoo and is just taken care of by our gateway and I don't ask it questions. It does mean that p2p updates usually don't work very well because, while the WAN bandwidth isn't really being used, they are using a ton of half-open connections.
When the game updater sees the p2p updater isn't working it usually kicks itself over to an HTTP download, which isn't really a problem.

For reference - we were not happy with given appliance in terms of benefits to cost and accomplish most of this using a cheaper server, Untangle, and some of our own wizardry. Each type of network, wired and wireless, feeds through their own vLANs, their own gateways (as VMs, of course), and out through a commercial ISP to keep costs down and isolate their activity from the academic network.

The real problem you're going to have is trying to offer wireless support for game consoles if you try to do anything other than PSKs, but that is a discussion for another thread.

-Steven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hahues, Sven
Sent: Thursday, January 17, 2013 11:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Gaming and dorm students

I am late to the party but here's what we do:

We got the charge from our housing administration to make living in housing as close to living at home as possible, so we have totally unfiltered Internet, and a dedicated publicly routable network for playstations/xboxs to get around the NAT complications. It's great for the students, it's hard for us, because we never have enough bandwidth. We have recently deployed an Exinda traffic shaping device (like 2 weeks ago) but we are still in the process of tuning it. We have a system that ties in with our NAC that will automatically move p2p users into a quarantine network, and they get told they violated our network's acceptable use policy. This helps us for the most part with the RIAA/MPAA complaints.

Depending on the amount of people in your dorms, the sign in sheet may work, or you could allow everything from the dorms, and just log who does what. If you get an RIAA notice, you can suspend the user's network access. Just some ideas.
Sven

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Williamson
Sent: Monday, January 14, 2013 9:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Gaming and dorm students

I am the network admin at a small K-12 private school. We have about 90 dorm students. A problem I am running into is enabling the dorm students to be able to use normal games like "World of Warcraft", "League of Legends", etc. It seems a lot of these games are using bittorrent on the backend. Without digging into the specifics, how are others handling the dormers' requests? Telling them no does not seem appropriate, but not letting them play seems bogus. I was toying with the idea of having the individuals sign a sheet saying they will not use bittorrent for illegal purposes. Any thoughts would be appreciated.

Note that I am using a Palo Alto so can handle filtering by user and app level.

Bob Williamson
Network Administrator
Annie Wright Schools | 827 N Tacoma Ave, Tacoma, WA 98403 | www.aw.org
D: 253.272.2216 | F: 253.572.3616 | Bob_Williamson () aw org
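The top message in this thread notes that p2p updaters show up as a large number of half-open connections even when little WAN bandwidth is used. The following is an added example, not code from any poster in the thread, that counts half-open connections and distinct peers per dorm host over constructed connection-table rows; the row format, addresses, function names and thresholds are all assumptions.

```python
from collections import defaultdict

HALF_OPEN = {"SYN_SENT", "SYN_RECV"}  # TCP states with an unfinished handshake

def sample_flows():
    """Constructed connection-table rows: (src, dst, dst_port, tcp_state)."""
    flows = []
    # 10.20.0.15: p2p-style updater, 60 half-open attempts to 60 distinct peers
    for i in range(1, 61):
        flows.append(("10.20.0.15", f"198.51.100.{i}", 40000 + i, "SYN_SENT"))
    # ...plus a few peers that did answer
    for i in range(1, 4):
        flows.append(("10.20.0.15", f"198.51.100.{i}", 40000 + i, "ESTABLISHED"))
    # 10.20.0.22: updater that fell back to an HTTP download
    for _ in range(4):
        flows.append(("10.20.0.22", "203.0.113.10", 80, "ESTABLISHED"))
    # 10.20.0.31: game client talking to one server on a small port range
    for port in (5000, 5001, 5002):
        flows.append(("10.20.0.31", "203.0.113.40", port, "ESTABLISHED"))
    flows.append(("10.20.0.31", "203.0.113.40", 5003, "SYN_SENT"))
    return flows

def summarize(flows):
    """Per source host: total connections, half-open count, distinct peers."""
    stats = defaultdict(lambda: {"total": 0, "half_open": 0, "peers": set()})
    for src, dst, _dport, state in flows:
        entry = stats[src]
        entry["total"] += 1
        entry["peers"].add(dst)
        if state in HALF_OPEN:
            entry["half_open"] += 1
    return stats

def flag_p2p_like(flows, min_half_open=50, min_peers=40):
    """Hosts whose half-open count and peer fan-out both exceed the thresholds.
    The default thresholds are assumptions to tune against your own baseline."""
    flagged = []
    for host, s in sorted(summarize(flows).items()):
        if s["half_open"] >= min_half_open and len(s["peers"]) >= min_peers:
            flagged.append((host, s["half_open"], len(s["peers"])))
    return flagged

if __name__ == "__main__":
    for host, half_open, peers in flag_p2p_like(sample_flows()):
        print(f"{host}: {half_open} half-open connections to {peers} peers")
```

Requiring both a high half-open count and a wide peer fan-out keeps a single game server with one slow handshake, or an HTTP fallback download, from being flagged.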