Re: Blocking p2p traffic

[Robert Lau <rslau () USC EDU>]

We are using Fortinet 10gig blades to rate limit or block P2P on selected networks.  But P2P traffic on those networks 
has rapidly declined over the past year.  Streaming overtook P2P a while ago (several orders of magnitude more 
traffic).  Why wait X minutes to download a movie when you can watch it instantly?  However, if your uplink cannot 
support multiple simultaneous HD streams, then people may need to resort to P2P downloading.

Based on our experience, and conversations with certain entities, we know that rate limiting does not eliminate DMCA 
notices.  The companies that send the notices use various detection techniques (monitoring tracker activity, seeding 
trojan content, etc.)  It does not matter if a client is only down/uploading at 100kbps, the fact that they are 
participating at all can be enough to trigger the warning.  To people who have recently installed tech and saw a 
decrease in DMCA notices, I suspect that is due more to the death of P2P rather than the effectiveness of the tech.

-robert

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David 
Curry
Sent: Thursday, May 02, 2013 13:31
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocking p2p traffic


We currently have an aging Packeteer whose sole remaining purpose in life is to "shape" peer-to-peer file sharing 
traffic (BitTorrent and friends) down to zero, thus keeping us from receiving DMCA takedown requests. It's worked well 
at this for several years, but now we're starting to max it out as far as licensed bandwidth goes, and we're not 
inclined to spend more money on such an old device.

So... we're in the market for something new, and thought we'd ask what other schools are using. From a bit of research 
it looks like Procera and Exinda are still in that space; A10 has a product on their website still, but it doesn't look 
like there's much focus on it anymore (maybe we're wrong). Juniper SRX firewalls (which we own) have some capabilities 
in this space via their AppID stuff; we'd be interested in hearing from anyone using them for that purpose. And yes, we 
know that Palo Alto firewalls can do it -- but we don't have Palo Altos and have no plans to purchase them anytime 
soon, so that's not really an option for us.

If you're using something OTHER THAN a Palo Alto firewall to block/limit/reduce peer-to-peer traffic:

  *   What product are you using?
  *   What are you doing with peer-to-peer (blocking, limiting, etc.)
  *   How well is it working?
  *   Do you like it?
After responses taper off, I'll summarize back to the list.

Thanks,
--Dave




--

DAVID A. CURRY, CISSP € DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL € 55 W. 13TH STREET € NEW YORK, NY 10011

+1 212 229-5300 x4728 € david.curry () newschool edu<mailto:david.curry () newschool edu>